Microsoft's main website was unreachable for almost two hours last Friday as the web server on which it is hosted failed following a denial-of-service attack.
"A DOS attack on the Microsoft.com website started at 1.21pm Pacific time and lasted for roughly one hour and 40 minutes," a Microsoft spokesman said. "We have reported this to the appropriate federal law enforcement authorities and they are investigating this particular attack."
The denial of service was caused by "a malicious load of site requests", the spokesman said, but Microsoft has yet not determined where the attack originated or who could be behind it.
The company said its site did not go down as a result of a software flaw, nor was a flaw in any Microsoft product involved in staging the attack, the spokesman said. "This is not a Microsoft software issue," he added.
The attack hit only the Microsoft.com website; other Microsoft web properties such as MSN, Hotmail and MSNBC were not affected, the spokesman said.
Microsoft's website is one of the most popular targets for attack on the web and has suffered outages in the past. The company's site has also been hit by attacks exploiting unpatched software holes in Microsoft's own server software.
Microsoft did well as sites that go down under a DOS attack are normally offline for longer than two hours, according to Eric Siegel, principal internet analyst at web performance management services firm Keynote Systems.
"Usually DOS attacks are catastrophic. Microsoft's performance in this attack was quite good," he said. "A couple of years ago these attacks were longer and the system would collapse completely."
Joris Evers writes for IDG News Service