Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World
Banks, airports, TV stations, health care organizations, hotels, and countless other businesses are all facing widespread IT outages, leaving flights grounded and causing widespread disruption, after Windows machines have displayed errors worldwide.
A defective CrowdStrike kernel driver sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible.
In the early hours of Friday, companies in Australia running Microsoft’s Windows operating system started reporting devices showing Blue Screens of Death (BSODs). Shortly after, reports of disruptions started flooding in from around the world, including from the UK, India, Germany, the Netherlands, and the US: TV station Sky News went offline, and US airlines United, Delta, and American Airlines issued a “global ground stop” on all flights.
The widespread Windows outages have been linked to a software update from cybersecurity giant CrowdStrike. It is believed the issues are not linked to a malicious cyberattack, cybersecurity officials say, but rather stem from a misconfigured/corrupted update that CrowdStrike pushed out to its customers.
Engineers from CrowdStrike posted to the company’s Reddit forum that it has seen “widespread reports of BSODs on Windows hosts” occurring across its software, is working on the problem, and has advised a workaround for impacted systems. It also issued instructions to its customers in an advisory.
The incident, so far, appears to be impacting only devices running Windows and not other operating systems. It is unclear exactly how widespread the issues are and how long they will take to resolve. Microsoft and CrowdStrike did not immediately respond to WIRED’s requests for comment on the outage.
Hours after the issues started to emerge, CrowdStrike CEO George Kurtz issued a statement about the outages, saying the company has found a “defect” in an update for Windows that it issued. “This is not a security incident or cyberattack,” Kurtz said. “The issue has been identified, isolated, and a fix has been deployed.” In the statement, Kurtz confirmed that Mac and Linux hosts are not impacted by the update and said that its customers should refer to its support portal.
A Microsoft spokesperson also issued a statement saying it is aware of the problems linked to Windows devices and the company believes a “resolution is forthcoming.” At the same time as the CrowdStrike issues emerged, Microsoft was also dealing with its own, apparently unrelated, outage of its Azure cloud services.
The outages could result in “millions” being lost by organizations impacted who have had to halt their operations or stop business, says Lukasz Olejnik, an independent cybersecurity consultant, who says the CrowdStrike update appears to be linked to its Falcon Sensor product. The Falcon system is part of CrowdStrike’s security tools and can block attacks on systems, according to the company.
“It reminds us about our dependence on IT and software,” Olejnik says. “When a system has several software systems maintained by various vendors, this is equivalent to placing trust on them. They may be a single point of failure—like here, when various firms feel the impact.”
The outage stemming from the CrowdStrike update has had a huge knock-on impact on public services and businesses around the world. Scores of airports are facing delays and long queues, with one passenger in India sharing a hand-written boarding pass that they have been issued. Almost 1,400 flights have been canceled around the world.
