Cloud Solutions: Are not your friends
2024: A Record Number of Microsoft Vulnerabilities
According to BeyondTrust, Microsoft reported 1,360 vulnerabilities in 2024, up 11% from the previous record, covering Windows, Office, Edge, Azure, and related products. While the number of critical vulnerabilities declined, attacks now target digital identity and privileged access more than traditional software flaws. Notably, Elevation of Privilege and Remote Code Execution (RCE) issues dominate the vulnerability landscape.
July 2024: DDoS Attack Outages Amplified by Implementation Error
Following the widespread CrowdStrike outage on July 18, 2024 that caused massive global disruption of air travel, hospital system operations, and emergency services, Microsoft was the target of a similar DDoS attack. This attack resulted in outages of Azure and Microsoft 365 for nearly 10 hours, and was exacerbated by an error in the company’s defense implementation. As Forbes reported, “The initial DDoS attack had activated the firm’s DDoS protection mechanisms, but an error in the implementation of defenses ‘amplified the impact of the attack rather than mitigating it,’ Microsoft admits.”
There have been some major Gaffs! that have left peoples data open to all to see which we need to understand why cloud may not be a solution for many companies. we have been an advocate for Hybrid solutions to but even this has started to become untenable with the risks to networks and data being so high. The problems are extensive with these 2 examples are just the tip of the iceberg.
We all rely on the internet for pretty much everything and the risks to it has now seriously poses the question is centralisation a good idea for your business?
Cloudflare outage on November 18, 2025
On 18 November 2025 at 11:20 UTC (all times in this blog are UTC), Cloudflare's network began experiencing significant failures to deliver core network traffic. This showed up to Internet users trying to access our customers' sites as an error page indicating a failure within Cloudflare's network.
Some of these providers now provide a large portion of internet related products from hosting to DDoS protection this only works if they them selves are not venerable to some form of internal failure. This
CloudFlare's Failure was related to database permissions.
The issue was not caused, directly or indirectly, by a cyber attack or malicious activity of any kind. Instead, it was triggered by a change to one of our database systems' permissions which caused the database to output multiple entries into a “feature file” used by our Bot Management system. That feature file, in turn, doubled in size. The larger-than-expected feature file was then propagated to all the machines that make up our network.
This is means a point of failure that hopefully they can mitigate in the future but the damage is done. It can and does effect trust in a product the idea of a perfect solution is a noble cause but in the end only can be achieved by keeping things simple easy to understand and well documented. I'm not implying that CloudFlare did not do any of the following I'm just floating the idea for you to think about for your own networks.
DDoS attack which initially was thought to be the issue so massive that would take down the likes of CloudFlare would turn out to be as "simple" (this does not do it justice in anyway) a database permissions issue that then took down the likes of CloudFlare. This is not a criticism of CloudFlare but a reminder that the old addage stands Keep It Simple Stupid could fit the bill in this situation.
if you want to read the full breakdown on what happened click here. we will defend CloudFlare on this one as they do have a product that does a dam good job but it has it's risks like any product. With Microsoft on the other hand they have down played multiple events, We feel they are becoming more of a risk to businesses with complex products and extras that most if not all business really don't need. Hosted VS local then becomes the question and we feel it's better to be local than hosted.
Microsoft Office 365..
Midnight Blizzard (2024), AI Research Data Leak (2023), "BlueBleed" Azure Data Leak (2022), Power Apps Misconfiguration (2021), (October 2022): 548,000+ Users Exposed in BlueBleed Data Leak, (July 2023): Microsoft Denies Purported Data Breach, (July 2023): Chinese Hackers Breach U.S. Agencies Via Microsoft Cloud.
Conclusion
If you want our advice start to think of your data as key to your business! and stop putting it in the hands of people who do not care about your business or it's data.
Recent Articles
Networking: VDLS How it works
VDSL is a type of broadband internet that delivers data over existing copper telephone lines, similar to ADSL—but much faster over short distances.
Networking: Why VLANs Aren’t Just for Enterprises
Virtual Local Area Networks (VLANs) allow businesses to logically segment their network without requiring separate physical infrastructure
Access Control: Paxton Net2
Why Paxton should be your pick for access control
Networking: PPPoE all you need to know and more!
PPPoE (Point-to-Point Protocol over Ethernet) a handy tool in your networking toolbox
MikroTik: CRS112-8P-4S-IN Port security and DHCP Spoofing Protection
This switch really is a Swiss Army knife — but like any multi-tool, it has its quirks
Networking: Keep an eye on your network
Why it's important to keep an eye on your network and what's the steps can you do to be proactive.
Cloud Solutions: are not your friends!
One thing that's over looked in recent times because of convenance is the cloud.
MikroTik: The Basics
The Basics are important when setting up a router for the first time.
Mikrotik: The multitool router option!
Not just a router but a powerhouse of routing, VPN and much more!