Businesses the world over are reporting IT outages, together with Windows “blue screen of death” errors on their computer systems, in what has already grow to be one of the vital widespread IT disruptions lately. The outage — linked to a software program update from common cybersecurity agency CrowdStrike — has affected computer systems working Microsoft Windows at organizations throughout numerous sectors, together with airlines, banks, retailers, brokerage homes, media firms and railway networks. The journey sector appears to be one of many hardest hit, based mostly on on-line chatter.
CrowdStrike’s chief government, George Kurtz, confirmed in a submit on X {that a} “defect” in a content material update for Windows hosts had brought about the outage, and Kurtz dominated out a cyberattack. He added that the agency was rolling out a repair and that Mac and Linux hosts weren’t affected.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted,” Kurtz famous on X.
“This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers,” Kurtz stated.
Later Friday, the U.S. cyber company, the CISA, stated that although the outage wasn’t linked to any suspicious exercise, it has “observed threat actors taking advantage of this incident for phishing and other malicious activity.”
A submit on CrowdStrike’s assist boards (that are solely accessible with a login) additionally acknowledged the problem early on Friday, saying the corporate had obtained studies of crashes associated to a content material update. CrowdStrike stated the crash studies had been “related to the Falcon Sensor” — its cloud-based safety service that it describes as “real-time threat detection, simplified management, and proactive threat hunting.”
A moderator of the CrowdStrike subreddit also said the company was aware of “widespread reports” of blue screen errors on Windows devices across multiple versions of its software. The firm was investigating the cause, the message read.
The security firm didn’t immediately respond to a request for comment.
Microsoft started to note problems starting in the early hours of July 19. Its Service Health page notes currently that Microsoft 365 for Consumers is now back up. Enterprise apps, however, are still seeing disruption according to its Service Health Status for its cloud services for business.
“We’re aware of an issue affecting Windows devices due to an update from a third-party software platform. We anticipate a resolution is forthcoming,” a Microsoft spokesperson told Ztoog in a statement.
The Microsoft spokesperson said that the previous Microsoft 365 service disruption overnight July 18 to 19 was unrelated to the widespread outage triggered by the CrowdStrike update.
There will be a lot of questions to ask and answer about resilience — or perhaps the lack of it — in cloud services, and namely how one single update could bring so much to a grinding halt around the world.
“In our view, cybersecurity products have to clear a higher bar of reliability and security in customer deployments than other technology products because they are mission critical and actively attacked by adversaries,” Goldman Sachs analysts wrote in a research note Friday. “In some ways, we believe this will reinforce the barrier to entry in the industry and the need for best-in-class update, outage and customer service protocols, ultimately favoring companies with scale.”
Airlines and airports across Germany, France, the Netherlands, the United Kingdom and the United States, as well as Australia, China, Japan, India, Singapore and Taiwan are reporting problems with check-in and ticketing systems, resulting in flight delays and ample chaos at airports.
U.S. federal airspace officials announced a nationwide ground stop of air traffic on Friday due to the outages, which might have an affect on the climate, experts told Ztoog. Others were affected by the outage and the airline chaos in other ways.
In the U.K., the London Stock Exchange reported disruptions. Several doctors’ offices in the U.K. said on X that the outage had hit the National Health Service’s clinical computer system that contains medical records and is used for scheduling appointments.
And in the U.S., some 911 and non-emergency call centers seem to be affected. A post by Alaska State Troopers said many such call centers were “not working correctly across the State of Alaska.”
U.K. news broadcaster Sky News faced trouble broadcasting live this morning due to the outage, the firm’s executive chairman David Rhodes tweeted. The New Zealand Herald reported that banking services in the country were affected by the issue, too, and several Indian news channels said they had problems broadcasting as well.
Many companies’ employees have reported being unable to start their computers due to the issue. The outage came shortly after Microsoft confirmed service problems with its Microsoft 365 apps late on Thursday, which affected several airlines including Delta and United. Microsoft’s services status page says the issues are being resolved.
And amid the chaos, misinformation has been spreading, including that the Las Vegas Sphere was displaying a blue screen of death.
Before CrowdStrike acknowledged its role in the crash, businesses and security experts early on Friday began to point fingers at the company, whose software is used by millions of people across enterprises to manage security both on devices and servers. Experts told Ztoog that rivals could stand to gain from the debacle, as well.
CrowdStrike counts nearly 60% of Fortune 500 companies and more than half of the Fortune 1,000 among its clients, per its website. Its services are deployed by eight of the top 10 financial services firms and an equal number of leading tech companies. It also has a deep and wide presence in the healthcare and manufacturing sectors, serving six and seven of the top 10 companies in those industries, respectively.
CrowdStrike’s shares were down around 11% when the market closed on Friday, and a market cap of $74.2 billion at the time of this writing.
Ram Iyer, Ingrid Lunden and Zack Whittaker contributed to this report.
This story was initially revealed at 12:09 a.m. July 19, and was up to date to mirror new data.