Microsoft Teams has finally been restored after suffering a massive outage that lasted many hours!
Here was what happened…
Microsoft Teams Suffers Massive Outage!
On Wednesday, 20 July 2022, thousands of users were unable to access Microsoft Teams, and it continued into Thursdays, 21 July 2022.
This was a big problem, because Teams had become an integral part of daily operations for many businesses that had adapted to a hybrid work pattern during the COVID-19 pandemic.
Microsoft Teams users relied on the service to organise their workflow and communicate internally like making calls and messaging each other.
The MS Teams problem also affected other services downstream, with some users reporting issues with Microsoft Office 365 as well.
Microsoft acknowledged the downstream impact to multiple Office 365 services with Teams integration, like Microsoft Word, Office Online and SharePoint Online.
Why Microsoft Teams Suffered Such A Massive Outage!
After 1.5 hours after Teams went down, Microsoft announced that they found the root cause – “a recent deployment contained a broken connection to an internal storage device, which result in impact“.
That’s tech-speak for “we installed a system upgrade that pointed to a storage device that does not exist, so MS Teams stopped working“.
They quickly redirected traffic to “a healthy service to mitigate impact“, which have allowed unaffected users to continue using MS Teams, but it did not seem to help those who lost access.
Although they identified the root cause, restoration appears to be taking time. Two hours later, they could only report that “Microsoft Teams functionality is beginning to recover“, which they repeated two hours later.
In the meantime, affected MS Teams users are creatively expressing their “frustration” on social media…
Update @ 3:56 PM (GMT+8) : The Microsoft 365 team announced that Teams availability has “mostly recovered“, but “a few service features” still required attention.
Please Support My Work!
Support my work through a bank transfer / PayPal / credit card!
Name : Adrian Wong Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp
Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.
He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.
Chinese netizens are incensed over evidence that WPS Office was monitoring and deleting their files!
Find out what’s going on, and what it means for the digital privacy of WPS Office users!
Chinese Netizens : WPS Office Is Monitoring + Blocking Our Documents!
Chinese company, Kingsoft, is under fire for claims that its productivity suite WPS Office is actively monitoring and deleting user documents that might displease Beijing!
At the heart of this issue is the WPS Cloud platform that works like Microsoft 365, allowing users to store their documents in the cloud, or locally.
Chinese netizens are alleging that WPS Office was actively monitoring their documents, and even deleting those that were detected to contain content that might displease the Chinese authorities.
One novelist who goes by the pseudonym Mitu, claimed that she was unable to access her unpublished 1.3 million character document. Not only was it blocked in her cloud storage, she couldn’t access the local copy using the desktop WPS client.
She was told that “the file may contain sensitive content and access has been disabled“.
Mitu shared her experience on Lkong – an online Chinese literature forum, and the social media platform Xiaohongshu, in late June 2022; and it only began trending in Weibo in early July after an influencer reposted her complaint.
A Weibo post on her complaint appears to have been deleted, but fortunately a screenshot was captured. This was the post in Chinese, machine translated into English :
Simply put, WPS seems to have some kind of sensitive word harmony function,Then after being detected, not only the ones stored on the cloud disk will be harmonized
According to the victim’s complaint, it is not only on the cloud, but also on local files.It’s hard to escape a harmony.
At present, according to some netizens, it may be checked after being saved.Sensitive words are detected and then determined to be files that may contain sensitive information,
Directly blocked, or it may be directly locked after being remotely detected by the background serverlocal files There is no other way but to appeal (and it will be fixed in time) but thisIs it remote from the server?
Now there is a lot of panic in the online literature circle, for fear that hundreds of thousands of words of manuscripts will be blocked overnight.Asking both online and offline harmony, many people re-use ms and writing padswrite file
As of now, some companies that write scripts and some industries have said they want to change the MS office.
Mitu said she reported the problem to Kingsoft, which eventually apologised and restored access to the file within two days. The company admitted that “the file was not problematic”.
However, her story spurred other Chinese netizens to come forward with their own stories. A writer in Guangzhou who goes by the pseudonym Liu Hai also said that his WPS Office document of nearly 10,000 words was similarly blocked on July 1, 2022.
These incidents have sparked concerns about privacy in China. While the Chinese government routinely monitors and censors social media content, monitoring and blocking of personal documents would represent a new level of censorship in China.
WPS Office Admits Blocking File Access
After the online furore over claims that WPS Office deleted user files, the software developer issued a terse public statement on July 11, 2022.
It said that WPS Office does not delete the “user’s local files”, and that it was a misunderstanding. They only deleted the “online document link”, and blocked “others from access the link according to the law”.
Here is the Weibo post in Chinese, machine translated into English :
Statement on the exposure of online transmission #WPS will delete the user’s local files
A recent online document link shared by a user is suspected of violating the law, and we have prohibited others from accessing the link according to law.This has been misrepresented as #WPS delete user local files.
To this end, we specifically declare: WPS, as an office software developed for more than 30 years, has always put user experience and user privacy protection first.
The statement about deleting the user’s local files is purely misleading, and we will reserve the right to safeguard our legitimate interests through legal means.
WPS Office cleverly claims that it never “censors, locks or delete users’ local files”, which is technically correct but as Mitu and Liu Hai described, WPS Office blocks access to their users’ local files.
It was discovered that the files can still be opened by other software, like Microsoft Word or Tencent Docs. But the blocked files cannot be opened by WPS Office, even if they are stored locally (in the user’s computer).
It should be noted that Mitu never shared her file online. So WPS Office’s claim that they only blocked “others” from accessing the file is misleading.
WPS Office Not The Only Cloud Provider Monitoring Content
To be fair to WPS Office and Kingsoft, they are not the only ones monitoring content uploaded to the cloud. They just took things one step further by blocking access to local files.
By default, traffic to and from cloud-based productivity services like Google Docs, Microsoft 365 and WPS Office are not end-to-end encrypted.
That means they can and most likely are reading / monitoring EVERYTHING you type or upload. This includes files uploaded and stored in cloud-based storage services like Google Drive and Microsoft OneDrive.
That is the right of cloud service providers, because you are using their servers to store your content.
Google, for example, lists content that can be automatically removed and could even lead to a ban :
Account hijacking
Account inactivity
Child sexual abuse and exploitation
Circumvention
Dangerous and illegal activities
Harassment, bullying, and threats
Hate speech
Impersonation and misrepresentation
Malware and similar malicious content
Misleading content
Non-consensual explicit imagery
Personal and confidential information
Phishing
Regulated goods and services
Sexually explicit material
Spam
System interference and abuse
Unauthorized images of minors
Violence and gore
Violent organizations and movements
People need to be aware of this, and stop assuming that they have privacy on such cloud services, even if they paid to use them.
So it is not surprising that WPS Office monitors everything its users do. If they stopped at blocking access to the online files that contravened local laws, no one would bat an eye.
What is unusual though is that it also blocked access to the users’ local files! That means that their desktop and mobile apps were specifically designed to enforce a list of blocked files issued by WPS Office / Kingsoft.
If WPS Office / Kingsoft goes to that extent, does it mean that they would also alert the Chinese authorities about users producing content that displease them?
That is something everyone should think about, not just Chinese netizens who are justifiably concerned about WPS Office.
Please Support My Work!
Support my work through a bank transfer / PayPal / credit card!
Name : Adrian Wong Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp
Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.
He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.
Please watch out for a new malware called SVCReady that is being embedded in Microsoft Word attachments!
Here is what you need to know about the new SVCReady malware!
Watch Out For SVCReady Malware In MS Word Documents!
The HP Threat Research just uncovered a new malware called SVCReady, which they first picked up on 22 April 2022 through HP Wolf Security telemetry.
SVCReady is being distributed in phishing emails with Microsoft Word attachments. On opening the infected Word document, an embedded Visual Basic for Applications (VBA) AutoOpen macro is used to run shellcode stored in the properties of the document.
Splitting the macro from the shellcode is a way to evade security software that would normally detect the malicious code.
Document properties containing shellcode, namely a series of nop instructions as represented by 0x90 values. Credit : HP
The SVCReady malware begins by downloading and loading its payload from the web, and connecting to its Command and Control (C2) server.
It then starts gathering and sending information to the C2 server like :
The SVCReady malware also connects to its C2 server every 5 minutes to report its status, send information, receive new instructions, or validate the domain.
Currently, the malware appears to only gather and send information. However, that will change as the malware persists in the system, and is capable of receiving both updates and instructions from the C2 server.
In fact, the HP team observed the SVCReady retrieve and load a Readline stealer payload on an infected computer. It’s a sign of things to come.
The HP team believes that the SVCReady malware is still in early development, with an influx of updates adding features like encrypted C2 communications, and detection evasion.
They also found evidence linking SVCReady to past malware documents by the TA551 (Shatak) group from 2019 and 2020.
SVCReady will eventually be used for more nefarious purposes once it is good and ready. Until then, the malware will stay hidden, lurking and waiting for its master’s commands.
How To Avoid SVCReady Malware In MS Word Documents?
The HP team discovered that the malware creates a new registry key, which could serve as a signature for security software to detect it : HKEY_CURRENT_USER\Software\Classes\CLSID\{E6D34FFC-AD32-4d6a-934C-D387FA873A19}
But until security software are updated to detect SVCReady, the best way to avoid this malware is simple – do NOT open Word document attached to emails!
If you regularly receive Word documents in your emails, please VERIFY with the sender before opening them.
These phishing emails are designed to look legitimate. So be very careful about what you open!
Please Support My Work!
Support my work through a bank transfer / PayPal / credit card!
Name : Adrian Wong Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp
Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.
He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.