10/08/2022 14:15:00 PM (BST)
Issue Reported : 10/08/2022 13:41:17 PM BST
Microsoft Reference : MO411804
NHSmail Reference : INC31017259
Issue Status : RESOLVED
Issue Description : Some users may be unable to connect to multiple Microsoft 365 services.
More Info : Impacted services include, but are not limited to:
- Outlook desktop client
- OneDrive for Business
- Microsoft Teams
While the incident was ongoing, affected customers confirmed that disabling the affected snort rule mitigated impact. In addition, Cisco Meraki has published supplemental information for their customers to follow at their community site, which is located here: https://community.meraki.com/t5/Meraki-Service-Notices/Microsoft-vulnerability-and-IPS-SNORT/ba-p/156649.
Scope of impact : Impact was specific to customers who implemented snort rule 1-60381.
Final Update : 11/08/2022 09:17:00 AM – The third-party provider successfully disabled snort rule 1-60381 at approximately 6:19 PM UTC, on Wednesday, August 10. Through telemetry and reports from affected users, Microsoft has confirmed that this has resolved the issue. However, the change can take up to three hours to fully propagate, so some users may continue to experience impact until that change reaches their environment.
Root Cause : While Microsoft has confirmed that there was a problem with snort rule 1-60381, a full investigation into the root cause is ongoing. They will provide a full root cause when the final post-incident report has been published.
Next steps : Microsoft is working with the third-party provider to fully understand what caused an issue with the snort rule, and will determine any action items they may need to apply during those discussions.