Global Windows outage plunged banks, airlines, and more into chaos – here's everything you need to know
CrowdStrike software update hit Windows PCs worldwide
A massive global IT outage yesterday (Friday, 19 July) caused chaos at banks, airlines, TV broadcasters, and more after Windows workstations were hit by 'blue screen of death' error messages that were caused by a software update by cybersecurity firm CrowdStrike.
The first reported issues came from Australia but were quickly followed by problems across the US, UK, and more. The chaos spread to airports, where airline system issues caused ground stoppages and massive queues at terminals. Even TV networks like Sky News were taken down in the UK, and there were widespread communication system outages across Australia. Payment services were particularly badly hit, with customers unable to use checkout systems in supermarkets, and some healthcare systems also went down.
Problems eased slowly throughout the day. George Kurtz, CEO of CrowdStrike, quickly admitted on X (formerly Twitter) that the problems were caused by "a single content update for Windows hosts". He stated that the "issue has been identified, isolated and a fix has been deployed." Even so, knock-on issues persisted for hours at airports, health services, financial institutions, and more.
Below, you can walk back through all the day's events right up to Kurtz's apology and promise that they'll get to the bottom of this so it never happens again. You might also want to read our Windows Blue Screen of Death crisis explainer, as we all try to comprehend the biggest, global IT outage we've seen for years (or maybe ever)…
How it started
- A huge global IT outage caused chaos across banks, airports and more
- It was not a cyber attack but a tech issue
- Multitudes of enterprise, business, and infrastructure systems running Windows, which uses the CrowdStrike software for security were affected
- TV broadcasters, banks, health services, and airlines were affected
- CrownStrike boss says issues were caused by "a single content update for Windows hosts" and after apologized for the issue and promised to get to the bottom if it
- A "fix has been deployed" and systems are recovering
- Some systems, though, may take days or weeks to fully recover
Here's everything you need to know about the July 19, 2024, global IT outage.
Here's what Down Detector is currently showing in the US – with multiple companies impacted across all manner of industries including transport, banking, media and more.
The situation in the UK is every bit as severe, with Microsoft – and Microsoft 365 – Visa, BT and more all seemingly impacted by the outage.
Microsoft's own Service Status page states that everything is running normally right now, which clearly isn't the case.
"We're all good! Everything is up and running."
However, earlier in the day Microsoft did report that users might not have been able to access Microsoft 365, its cloud-based app service.
It seems the problem may stem from an update by the cybersecurity company Crowdstrike, which is causing Windows PCs to display the Blue Screen of Death, and to then be unable to reboot.
An email sent to TechRadar and other publishers by Tesserent cyber solutions company appears to confirm that the issue is with CrowdStrike.
It states: "CrowdStrike have deployed a new content update which resolves the previously erroneous update and subsequent host issues. As your devices receive this update you may need to reboot for the changes to take effect and for the blue screen (BSOD) issues to be resolved.
"If hosts are still crashing and unable to stay online to receive the Channel File Changes, the following steps can be used to workaround this issue:
"Workaround Steps:
"1. Boot Windows into Safe Mode or the Windows Recovery Environment
"2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
"3. Locate the file matching “C-00000291*.sys”, and delete it.
"4. Boot the host normally."
TechRadar has not yet been able to verify those steps independently.
Microsoft's Twitter account (Sorry, X, whatever) is reporting that it's still investigating issues but that it is working on fixing them.
We're investigating an issue impacting users ability to access various Microsoft 365 apps and services. More info posted in the admin center under MO821132 and on https://t.co/W5Y8dAkjMkJuly 18, 2024
That previous post was some eight hours ago, but one hour ago it stated that "Our services are still seeing continuous improvements while we continue to take mitigation actions. More details can be found within the admin center under MO821132 and http://status.cloud.microsoft"
Our services are still seeing continuous improvements while we continue to take mitigation actions. More details can be found within the admin center under MO821132 and https://t.co/Htn4qQEnspJuly 19, 2024
Airlines appear to be one of the hardest hit areas in this outage.
As well as the problems in the US, that have seen Delta and United ground flights, there are delays and problems everywhere from Japan – where the Narita airport outside Tokyo says JetStar, Jeju Air, Qantas, HK Express and Spring Japan all have issues with their systems – to India, where Delhi airport says some services have been temporarily impacted.
The Microsoft / CrowdStrike outage has taken down most airports in India. I got my first hand-written boarding pass today 😅 pic.twitter.com/xsdnq1PgjrJuly 19, 2024
In terms of transport, it's not just planes that are suffering as a result of this Microsoft/Crowdstrike issue – in fact, far from it.
In the UK, Thameslink trains has put a statement on X stating: "⚠️ We are currently experiencing widespread IT issues across our entire network. Our IT teams are actively investigating to determine the root cause of the problem.
We are unable to access driver diagrams at certain locations, leading to potential short-notice cancellations, particularly on the Thameslink and Great Northern networks."
⚠️ We are currently experiencing widespread IT issues across our entire network. Our IT teams are actively investigating to determine the root cause of the problem.We are unable to access driver diagrams at certain locations, leading to potential short-notice cancellations,…July 19, 2024
The outage couldn't come at a worst time as schools in the UK and several other European countries will break today for the summer holidays, probably the busiest day of the year for airlines. Hundreds of thousands of passengers will be expected to travel over the next 24 hours to destinations across the globe.
The incident also happens a day after CHAPS, the global payment system that governs high value transactions, went down, putting tens of billions of dollars of business on hold.
Sky News is still down in the UK
If, like me, you turned on your TV this morning to watch Sky News, you'll have been greeted with this worrying message instead.
The channel hasn't been able to broadcast this morning due to the Windows workstations issues, during a time when it'd otherwise been reporting on, say, a massive global IT outage.
The presenter Jacquie Beltrao posted the below on X (formerly Twitter).
We’re obviously not on air - we’re trying 🤞@SkyNews Breakfast pic.twitter.com/ZKvVacRgUYJuly 19, 2024
Far more worrying than TV news channels being down is the fact that doctor's surgeries in the UK are apparently unable to book appointments.
"MAJOR ISSUE – NO ACCESS TO CLINICAL SYSTEM – NATIONAL PROBLEM" is how Grimethorpe Surgery in Barnsley, England reported it.
MAJOR ISSUE – NO ACCESS TO CLINICAL SYSTEM – NATIONAL PROBLEMWe have reported this problem to our clinical system provider and understand this is a nationwide problem. PLEASE CONTACT NHS 111 FOR MEDICAL HELP WHILE THE ISSUE IS BEING RESOLVED. pic.twitter.com/qVSMB8CdouJuly 19, 2024
This truly is a global outage – potentially one of the biggest we've ever seen. In fact, I've heard commentators refer to it as "the biggest IT outage ever".
In China, for instance, the South China Morning Post is reporting that there are massive queues at Hong Kong airport and that passengers are having to check in manually.
If you're due to fly anywhere today, good luck!
The list of companies seemingly impacted by this is the longest I've ever seen.
According to Down Detector in the US and UK, it's currently:
- Microsoft
- Microsoft 365
- BetMGM
- Amazon
- Visa
- Sainsbury's
- Tesco
- RyanAir
- Sky
- BT
- Ladbrokes
- Santander
- Nationwide
- Royal Mail
And the list just keeps getting longer.
I'd also suspect that the list might grow as the US wakes up and more people start discovering problems. Let's hope it's fixed soon.
So, who are Crowdstrike?
Crowdstrike is the biggest cybersecurity firm you've never heard of. One that like many operates in the shadows and is one of the most important cogs in the supply chain that links some of the biggest companies in the world.
It is essentially the watchdog and protector of websites and web services. Its popularity propelled it to mighty heights as it briefly surpassed a market capitalization of $100 billion just a few days ago.
Good news for gamers?
We have some good news for gamers at least, as it appears that Xbox Live is back online after an outage that lasted for over three hours. Owners of the Team Green machines were previously unable to sign into their accounts, use the online store, or join other players in online lobbies – forcing many of us to step outside for the first time in months.
Now, the official Xbox status page indicates that "all services" are currently "up and running." We booted up our own Xbox consoles to test this and can report that everything was functioning well, though some users on social media are suggesting that they are still experiencing issues.
It's little consolation, but those currently trapped in packed airports could now whittle down the hours in the queue with a cheeky game of Fortnite via Xbox Cloud Gaming.
Back to healthcare, and we have more reports surfacing of UK NHS primary care services being disrupted, as well some hospital infrastructure worldwide.
GTD Healthcare, a major supplier of NHS services in the North of England, states “Unfortunately there is a national issue with EMIS Web – the clinical computer system used within GP practices. This will affect our ability to book appointments/consult with patients. We apologise for the disruption. If you have a life-threatening medical emergency, please dial 999.
The Daily Mail is also reporting that Australia’s Triple Zero emergency service line is still in operation, but “some hospitals have been affected” in the country, although we don’t know to what extent.
Are hackers behind the global Windows IT crash?
Short answer: no. Early analysis of the situation point to an update that has gone very, very wrong. No hacker intervention needed.
It is not the first time that this has happened. A security analyst told TechRadar privately that "this is a major process breakdown, a combination of human and tech error, something that was obviously not tested properly," before adding, "don't take it as a criticism, something has clearly gone wrong that was not intended."
Even trillion-dollar companies – like Amazon Web Services and Microsoft – suffer wobbles from time to time. But none have impacted our lives, like the one we encountered today.
According to Toby Murray, associate professor at The University of Melbourne, Australia, the outage has been specifically linked to Crowdstrike's Endpoint Detection and Response (EDR) platform, Falcon.
Falcon is essentially a high-privilege piece of software designed to monitor and detect system intrusions – in other words, cyberattacks and malware – and then take action to respond to them. It's an oversimplification to just call Falcon (or any EDR platform) an antivirus program, but at the end of the day, it is designed to help keep businesses' computer systems safe from digital threats.
Because of this, though, Falcon has a lot of access to control elements of the system it's installed on. For example, it can shut off communications from a PC if it detects malware that is actively transmitting data to an external source. With that sort of control over the computers it's installed on – and Falcon is installed on a very large number of business systems – it makes sense that a Falcon malfunction could cause this sort of widespread outage.
In the UK, it's not just hospitals and airports that are suffering from the outage. Pubs, soccer clubs, and betting agencies have been hit, apparently leading to some local frustration about not being able to order a pint via app (although it's a bit early for that, surely?).
Over in Australia, the outage has affected a wide swathe of businesses and public services from police to local news teams – leading to this rather hilarious post on X from 10 News First:
#BREAKING: Widespread Microsoft outages have sent IT systems across Australia into a tailspin this afternoon, with banks, airlines, police, and other systems reported as being affected.(And humble news social team admins too, evidently. We're doing our best here. More to come.) pic.twitter.com/IM0LZARu5vJuly 19, 2024
CrowdStrike - a company on the grow
If you follow cybersecurity, you'll be well aware of who CrowdStrike are – as evidenced by the scale of the outage today, their software and systems help back up many of the world's biggest businesses.
Headquartered in Austin, Texas, the company, which was founded in 2011, boasts nearly 8,000 workers – and will be a familiar sight to fans of Formula 1, having sponsored the Mercedes F1 team for several seasons, its logo portrayed clearly on the car's front wing as well as the driver suits.
KLM says it's had to "largely suspend operations"
Airlines have been some the hardest hit by today's global IT outage, with the Federal Aviation Administration issuing a "global ground stop" earlier today. Now the Dutch airline KLM has made statement on how it's hitting frustrated fliers.
It says "we’re working hard to resolve the problem, but that until then "we will have to largely suspend operations". As KLM says, that's something of a nightmare all-round "in the midst of the summer holiday season". Solidarity to anyone who was planning to jet off today.
KLM and other airlines and airports have been affected by a global computer outage, making flight handling impossible. We realise that this is very inconvenient for our customers and staff, particularly in the midst of the summer holiday season. We’re working hard to resolve the… pic.twitter.com/O4gm7u0DIWJuly 19, 2024
Every cloud outage has a silver lining
On the bright side, it seems like corporate America is loving this. After all, what better day for a mass Blue Screen of Death attack than a Friday? The outage has been met with tangible glee by thousands of office workers across social media – although some have been left bemoaning the fact that their employer doesn't use Crowdstrike, and they're still going to have to work today.
Has your employer been hit by the Falcon/Microsoft outage? Did you log onto your personal computer to see a chilling blue hue this morning? Let us know on X/Twitter at @techradar!
IMPORTANT - 🚨🚨🚨Blue screen of death reported at multiple companies - Crowd Strike attackAre you also facing ??#Bluescreen #Microsoft#crowdstrike #Windows11 #Window pic.twitter.com/xRCPRSKZ5UJuly 19, 2024
The UK's National Health Service has some advice
The worst-case scenario for this global IT outage is the potentially life-threatening impact on health services. The UK's NHS has now issued a statement on what's happening, with its phone system fortunately unaffected.
An NHS spokesperson said: “The NHS is aware of a global IT outage and an issue with EMIS, an appointment and patient record system, which is causing disruption in the majority of GP practices.
“The NHS has long standing measures in place to manage the disruption, including using paper patient records and handwritten prescriptions, and the usual phone systems to contact your GP. There is currently no known impact on 999 or emergency services, so people should use these services as they usually would."
The spokesperson added: “Patients should attend appointments unless told otherwise. Only contact your GP if it’s urgent, and otherwise please use 111 online or call 111."
Welcome to a summer of all dangers
Hackers all over the world will rejoice at today's chaotic start of the summer holidays (at least here in Europe). Sysadmins all over the world will have to cancel their breaks (or worst, come back from their holidays) to deal with the fallout of what is rapidly turning into the biggest tech catastrophe of all times, the sort of scenario Hollywood script writers could only dream of.
Expect cybercriminals to work double shifts to identify which key systems can be penetrated should CrowdStrike's security platform be disabled on some impacted systems. I predict that phishing attempts are going to grow exponentially over the summer as attempts to convince anyone and everyone to install that innocent CrowdStrike app or click on that totally innocuous crowdstri.ke URL.
More from Microsoft?
Microsoft, which has been worst hit by this outage, causing a knock-on across global systems, has issued a brief statement.
The company has said it is, "aware of an issue affecting Windows devices due to an update from a third-party software platform. We anticipate a resolution is forthcoming," according to The Verge.
Some important US phone numbers
911 lines are down in areas of several US states, with Alaska confirmed to be the worst affected. Official Alaska State Troopers social media has posted a number of direct phone numbers for emergency calls only, as seen below.
Due to nationwide technology-related outage, 911 is unavailable in all of Alaska per a notification my sister received from Willow Alaska Community Center and Alaska State Troopers Facebook page. Black Swan? pic.twitter.com/1zUStI3uHZJuly 19, 2024
Please stop blaming Bill Gates for this, folks
Users on Facebook and X/Twitter are ridiculing Bill Gates over this global outage, but to be fair this really isn't his fault.
Not only does the issue stem from a non-Microsoft product (Crowdstrike Falcon – although since Windows is the only OS affected, Microsoft does bear some part of the blame here), but Gates hasn't been CEO of Microsoft for more than two decades, even stepping down from the board of directors four years ago in 2020.
At this point his involvement with MS is minimal - go bother Satya Nadella instead, who has been notably silent on social media today.
Amazon Luna is down
Xbox Cloud Gaming might be back up and running, but that doesn't mean that every other cloud gaming service is currently functioning as intended. It looks as though Amazon Luna has been severely affected by the outage, leaving players unable to boot up any of their games. While we can't get into any games right now, even the Amazon Luna interface is currently sluggish, with long loading times even just when trying to navigate the store.
There's been no official word on this from Amazon yet, but we're noticing issues in both the US and UK. This will be undoubtedly be especially bad news for anyone who picked up one of the heavily discounted Luna Wireless Controllers over Amazon Prime Day. Maybe it's time to dig out an old-fashioned console and play some local games instead.
Light on the horizon?
Speaking of CEOs, CrowdStrike chief George Kurtz just posted an official comment on X, highlighting that the global outage is "not a security incident or cyberattack" and promising that his employees are "fully mobilized to ensure the security and stability of CrowdStrike customers".
Thankfully, it looks like outage reports on DownDetector have plateaued and are now starting to drop, meaning we might be approaching the end of this latest worldwide tech disaster.
CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We…July 19, 2024
What it's like at JFK airport right now
If you're not at an airport today, thank your lucky stars. Our colleague Kevin Addley (Future's SVP of Games, Entertainment, Technology and Sport) is currently trying to fly from New York City's JFK airport back to London – and is currently surrounded by confused crowds and screens showing the blue screen of death (as the photos below show).
Dozens of airports around the world have reported delays, including those in Berlin, Amsterdam, Budapest, Schipol, London Heathrow and more. But some, like London Gatwick, say that if you're planning to fly you should still arrive at your scheduled check-in time, despite the potential for delays.
All eyes on CrowdStrike
All financial markets are down this morning at the time of writing as companies scramble with the current chaotic situation caused by what seems to be a flaw in CrowdStrike Falcon.
The company reached its highest market capitalization on July 1st, hitting the $100 billion mark. Since then it saw its share price drop by nearly 12% as news broke about the software snafu. Fortinet and Palo Alto Networks, two rival companies, saw their stock price dip this morning.
It's not just Microsoft – AWS is affected, too
The outage continues to have knock-on effects across other platforms, with Amazon Web Services (AWS) also reporting issues related to its customers' usage of Windows systems.
"We continue to work on resolving the connectivity issues and reboots of Windows Instances, Windows Workspaces and Appstream Applications related to a recent update to the Crowdstrike agent (csagent.sys), which is resulting in a stop error (BSOD) within the Windows operating system," the company wrote in a service health update post.
AWS is recommending customers reboot their EC2 instances to try and recover access, and apply the latest CrowdStrike update as soon as possible.
"AWS services and network connectivity continue to operate normally," the company added.
How easy is it for a minor code tweak to bring the world to a screeching halt
Andreas Theodorou, who is our VPN expert at TechRadar, chimed in: “The CrowdStrike issue shows just how easy it is for a minor code tweak to bring the world to a screeching halt. All of this due to a supposed faulty channel file suggests a lack of care – surely this shouldn't have passed code review?
"This event has me worried because the sheer magnitude of its impact shows just how devastating a supply chain attack can be. IT services and suppliers should be increasingly diligent, and I would recommend investing in intruder detection software.”
What a shame this isn't real...
Everyone who isn't at an airport or working for a company hit by today's outages is seeing the lighter side of the problems.
Unfortunately, the Las Vegas Sphere isn't currently showing a Blue Screen of Death, but that hasn't stopped the photo below from flying around social media...
Microsoft Windows Users Right Now: pic.twitter.com/gE9bLNFr4qJuly 19, 2024
Could Charlotte have helped?
CrowdStrike’s flagship software platform, Falcon, uses an AI generative security analyst called Charlotte, to “accelerate investigation times and elevate everyone on your team — from novice to expert”.
Today’s cluster**** is essentially a software update gone very, very wrong and many will wonder why more extensive tests were not done to avoid such a calamity. Could artificial intelligence, aided by machine learning, have helped accelerating the testing process ahead of roll out?
Microsoft claims underlying problem is fixed
I'm seeing reports that Microsoft is claiming that the "underlying cause has been fixed."
The company also confirmed that Windows 365 Cloud PCs were affected by a recent broken CrowdStrike Falcon sensor software update, and that the cause has been fixed for Microsoft services (Microsoft 365 apps and Xbox Live went down earlier today).
This is promising news, but the fix might still take time to roll out globally.
As we mentioned in our Windows Blue Screen of Death crisis: what we know so far explainer, some security experts have released statements saying that rolling out the fix could take a while.
Tom Kidwell, Co-founder, Ecliptic Dynamics and former British Army and UK Government intelligence specialist, got in touch to say that "The outage impacting Windows devices this morning appears to have been caused by a driver update by CrowdStrike, bricking older windows devices and servers, which will be worst hit. Unfortunately for CrowdStrike, if that is the case, it could be nauseating to fix. Due to the nature of the update, an individual from every organisation will need to boot into safe mode, remove the issue file/driver, and then either roll back or update to a new version, something CrowdStrike will need to release very quickly."
“This is about people, process and technology”
We've also got some more expert commentary about what went wrong and how it could be fixed.
Tesserent cyber solutions by Thales was one of the first organizations to propose a workaround for the Crowdstrike software meltdown. Mark Jones, senior partner at the firm, told us “this is about people, process and technology. Technology can fail but what underpins it is good people and good process.
CrowdStrike has issued a rapid automatic fix and also released manual steps to help organisations restore normal operation. If an organisation can’t issue the automatic solution and needs to undertake the manual steps then that will be more time consuming to deploy across their environment. Technology updates happen regularly and this underscores the need for organisations to have business continuity plans in place for when technology fails unexpectedly so they can get their operations restored to normal as fast as possible.”
Even Formula 1 affected
As we noted earlier, sports fans might know CrowdStrike from its sponsorship of the Mercedes F1 Formula 1 team. The partnership also sees the company supply Mercedes with software and services, and it seems the team has been affected by the issues ahead of the first practice session for this weekend's Hungarian Grand Prix.
RaceFans says a Mercedes spokesperson has confirmed the team is manually addressing the problem on each computer it uses, with other teams which use Mercedes engines (McLaren, Aston Martin and Williams) also affected.
“We are working closely with our partners at CrowdStrike to mitigate any impact,” the Mercedes spokesperson added.
Kaspersky throws shade
In what is a rather... bold move, security company Kaspersky has put out a rather cheeky tweet about the problems facing people using rival CrowdStrike's services.
You wouldn't see this with any of our products (just sayin.) 🤷 pic.twitter.com/39veWooFioJuly 19, 2024
Why do I call it 'bold'. For a start, a security company using an ongoing issue affecting people across the globe to score points against a rival isn't a great look. Keeping people secure is supposed to be cyber security firms' number one priority, which is why they often work together and share information despite also being rivals.
Also to say that using Kaspersky products means you won't ever see a Blue Screen of Death is quite a big claim, and as people have been keen to point out underneath that tweet, it's not true.
Finally, Kaspersky has recently been banned from selling products in the US due to its Russian origins. So, the company isn't in the strongest position to crow about the failures of a competitor.
As I thought, Kaspersky's tweet isn't going down too well.
You sure about that? pic.twitter.com/8uK6hWCqQcJuly 19, 2024
I'm seeing a lot of reports about travel chaos, especially at Airports. If you are traveling today, it's definitely worth going to the website of the airline you'll be using to see what advice they give.
While it might be advisable to get to the airport earlier than usual, a lot of photos I'm seeing suggest there's a lot of crowds and chaos, so you might be best holding off until systems are all back online. Again, your airline's website or social media channels should have more information and guidance.
Other forms of public transport such as trains are also affected across the globe.
Could deliveries be affected?
One knock-on effect of this could be delayed deliveries across the world, according to Parcelhero’s Head of Consumer Research, David Jinks M.I.L.T. "Delayed flights and issues with IT systems at airports will impact airfreight. Not only will slots for dedicated airfreight flights be disrupted, but many international goods and packages are transported not only in specially designed cargo planes but also in the cargo holds of passenger aircraft. 1,000 flights globally were reported to have been cancelled by Friday mid-morning."
Parcelhero is a price comparison website for courier services, so will likely have a good idea of the impact this could have - it certainly makes sense: if airplanes and trains are delayed or cancelled for travellers, it's likely that's also happening for freight services as well.
With many people expecting their Prime Day purchases to arrive in the coming days, that could be a big blow.
Are we too reliant on the same software?
One of the main reasons why a bug in a single update has caused so much widespread chaos across the globe is because so many institutions and services rely on CrowdStrike's software.
If there was a greater mix of similar services that businesses use, then the impact might not have been so catastrophic.
Jake Moore, Global Security Advisor at ESET, a cyber security firm, as stated that "Another aspect of this incident relates to “diversity” in the use of large-scale IT infrastructure. This applies to critical systems like operating systems (OSes), cybersecurity products, and other globally deployed (scaled) applications. Where diversity is low, a single technical incident, not to mention a security issue, can lead to global-scale outages with subsequent knock-on effects."
Of course, breaking up CrowdStrike's apparent dominance would benefit a rival like ESET, but Moore's point is still important, and in the aftermath of this global situation, many businesses will be considering alternatives, I'm sure.
Services continuing to go back online
Looking at DownDetector, a useful resource for keeping an eye on services that customers are reporting as having issues, it seems quite a few services are recovering from the incident, with user reports about problems affecting Xbox Live, Microsoft 365 and Ryanair all beginning to drop.
This is encouraging, but some services, such as Amazon, Whatsapp and Ladbrokes in the UK are having increased reports of problems. This might be unrelated to the ongoing CrowdStrike problems, but it's safe to say this is far from over.
Good news for Linux distros and Apple?
While CrowdStrike is (rightfully) taking the brunt of the blame for this, Microsoft is also catching some flack, as it's only affecting Windows PCs (as confirmed by CrowdStrike's CEO).
Whether it's fair or not, this could cause further reputational damage to Microsoft and its Windows operating system. Google Trends is showing a spike in searches for macOS, Linux, Debian and Ubuntu - all rival operating systems to Windows 11 (those last two are Linux distributions).
While the popularity of Windows may not take a major hit - swapping operating systems for all PCs in a business is a huge task, and with macOS it would mean also moving to Macs and MacBooks - there is a danger that the perception of Windows 11's reliability for critical systems will be severely hit.
Chances of direct hacker abuse right now very low, says security expert
Adrianus Warmenhoven, a cybersecurity expert at NordVPN, told us: “If the cybercriminals know exactly what the update is supposed to be fixing in detection and response AND they know of any exploits that would have been protected by the latest update AND assuming that the fix or update is not just an improvement (efficiency, staging for new features that are not live yet, API cleanup etc....), well, then, and only then, might they be able to abuse it.
"So as a short answer: on individual systems that are directly affected by this: highly unlikely. It might be a different matter if security infrastructure is dependent on services that were down because of that bug. This, of course, is always the case with 'as a service' infrastructure components. The complexity is such that one can not make generalized statements at this moment, but it would be entirely within the realms of possibility that bad coding or bad architecture decisions could give attackers an advantage when the supporting infra is failing.”
Turn it off and on again (15 times)?
Microsoft has issued its own advice on a potential fix for those people who are still struggling with Blue Screen of Death problems: turn it off and on again. The catch? It may take up to 15 attempts.
The fix concerns virtual machines running Windows Client and Windows Server and the CrowdStrike Falcon agent, which may get stuck in a reboot loop. Microsoft says you can try to reboot "Using the Azure Portal - attempting 'Restart' on affected VMs" or "Using the Azure CLI or Azure Shell."
However, it adds that "We've received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage."
CrowdStrike chief executive apologises
It's safe to say that George Kurtz, head of CrowdStrike, is not having the best of days today, and has been on NBC where he said his company was "deeply sorry for impact that we’ve caused to customers."
He also reiterated that the issue was caused by a security update that caused problems with Windows. Microsoft might not be too happy about being associated with this major problem.
Be careful when updating
A faulty update to software has been identified as the problem affecting thousands, possibly millions, of PCs across the world, triggering Blue Screen of Death errors.
This has highlighted how updating system-critical devices can be very risky. In many of our guides on how to update Windows 11, we recommend always making sure you have backed up your data beforehand. Even though updating your operating system is easier than ever, things can still go wrong - very, very wrong.
When we're talking about updating PCs on a huge scale - such as in businesses - this is even more important, and many IT departments will be looking at ways they can mitigate an issue like this in the future.
One possibility is holding off updating until the update has been widely rolled out, and when no issues have been reported, updating the system. However, while this is advisable for individual users, businesses cannot afford to hold off on implementing important security updates.
So, the onus is on providers of those updates to make sure that any update rolled out is thoroughly tested. It seems that was not the case here, and CrowdStrike will have a lot of very angry customers demanding to know why.
US services confirm outages
While Australian and European companies have been working hard to fix the world-wide issues, companies in the US are starting to announce further problems.
The Federal Aviation Administration has cancelled around 1,400 commercial flights, and airports are becoming increasingly crowded and chaotic as flights get cancelled and delayed.
With over half of New York flights now delayed due to faulty CrowdStrike update, FlightAware Misery Map for Friday morning shows vulnerability to cyber incidents. pic.twitter.com/uPxzgBi6RAJuly 19, 2024
The Department, and the Cybersecurity and Infrastructure Security Agency in the US is working with CrowdStrike and Microsoft to make sure federal and state systems are not impacted, or fixed if they are.
The Department, and the Cybersecurity and Infrastructure Security Agency (@CISAgov) are working with CrowdStrike, Microsoft and our federal, state, local and critical infrastructure partners to fully assess and address system outages.July 19, 2024
Now this is an amazing photo - a United Airlines employee stood in front of a screen that's supposed to show flight departures, but is instead showing a Blue Screen of Death error message. Sums up the day pretty well, I think.
Charlotte Douglas International Airport (CLT) in North Carolina, an incredibly busy airport, has released guidance saying that passengers should not come to the airport unless they have confirmation their flight is taking off.
Update 7:32 a.m.: Due to the ongoing global technology impacts, CLT advises passengers to not come to the airport unless they have confirmed their flight information with the airline.July 19, 2024
I expect we'll see similar announcements throughout the day from other airports.
Our Editor at Large, Lance Ulanoff, has been appearing on a range of shows today giving his expert opinion on what's going on and what it means for people around the world.
Tech Expert @LanceUlanoff breaks down the complex technical issues involved in the widespread #Microsoft outage - https://t.co/mJ1PnRTkdK pic.twitter.com/ef40Ie2PQYJuly 19, 2024
Some businesses are having to resort to good old fashioned pen and paper while their systems are down.
The Microsoft / CrowdStrike outage has taken down most airports in India. I got my first hand-written boarding pass today 😅 pic.twitter.com/xsdnq1PgjrJuly 19, 2024
It's not just airports that are suffering from this outage - many businesses including banks and shops are having major issues.
"Some people had to go home"Bankers across the world have been hit by the global tech outage, with everything from deals to commutes affected@sonalibasak breaks down the impact on global finance: https://t.co/kDa0C0KrLr pic.twitter.com/hz2G7q8rA9July 19, 2024
There's reports in the UK that some shops are having to put up "cash only" signs, as they are unable to process card payments.
Our very own Lance Ulanoff has popped up again!
How bad is this outage? @LanceUlanoff tells @rosannascotto and I it’s among the worst in history - and for perspective.. it’s what many people thought “Y2K” would be all those years ago. #Y2K #Microsoft365 #outage pic.twitter.com/PB45FCRg6hJuly 19, 2024
Hospitals across the globe have been impacted, with the NHS in the UK, along with hospitals in Germany and Israel reporting problems, with some appointments cancelled.
It looks like it's also happening in the US, with several hospitals there announcing non-urgent procedures and appointments are cancelled.
A major worldwide software outage has affected many of our systems at Mass General Brigham, as well as many major businesses across the country. Due to the severity of this issue, all previously scheduled non-urgent surgeries, procedures, and medical visits are cancelled today.… pic.twitter.com/uqYz5XEHF7July 19, 2024
Lance has popped up on CNN as well!
A bit of me on @CNN this morning talking about the #CloudStrike outage pic.twitter.com/0tckiXxxujJuly 19, 2024
Many payroll services seem to be affected and this could result in employees in the US who are paid every two weeks, rather than monthly, being paid late.
The ramifications of this outage could be felt far and wide for a long time to come.
Our computing editor, Christian Guyton, has a great piece called "Outage to outrage: why today's global Windows disaster could be tomorrow's digital apocalypse" where he explains how this major outage happened and what it could mean for the future.
Definitely worth a read.
You know earlier I said that this whole fiasco could impact businesses trust in Microsoft? I'm not the only one thinking that.
This CrowdStrike outage is 100% going to get ITDS looking at Mac for systems nowI think for a lot of what windows is used for now, even with MDM software, Mac will be better but it’s the investment in IT Department support that’ll hold it back. Mac machines can do all windows…July 19, 2024
Personally, I think any company thinking of moving from Windows after this would be better off looking at migrating to Linux, rather than macOS.
You can get Linux running on ex-Windows PCs, whereas for macOS, you need to buy a Mac, which could prove very costly if you are replacing a large amount of PCs.
Here's an interesting visual of how this outage has impacted flights in the US.
12-hour timelapse of American Airlines, Delta, and United plane traffic after what was likely the biggest IT outage in history forced a nationwide ground stop of the three airlines. pic.twitter.com/wwcQeiEtVeJuly 19, 2024
I can only imagine what airports are like right now.
Fixing this mess could take 'days and weeks'
BCS, the Chartered institute for IT in the UK, has released a statement saying that it could take 'days and weeks' to recover from this.
Adam Leon Smith, a BCS Fellow and a cyber security expert, explained that "in some cases, the fix may be applied very quickly, but because it has to be applied to so many computers around the world, that may take longer than it sounds. But if computers have reacted in a way that means they're getting into blue screens and endless loops it may be difficult to restore, and that could take days and weeks."
Interestingly, Smith suggests that this could have been even worse if the issue had affected Linux, as the open-source operating system is used more widely than Windows for critical systems.
Wes Streeting, the UK health secretary, has posted on X about the issue, which is impacting hospitals in the UK, and throughout the world.
This is having a particular impact on GP appointments and electronic prescribing.Please bear with your local GPs if they’re grappling with this on top of normal pressures.My department is working closely with colleagues across government. https://t.co/uc1WQF4cmyJuly 19, 2024
US flight cancellations hit almost 3,000
According to FlightAware, there have been almost 3,000 cancellations in the US today alone. That number is going to climb throughout the day.
UPS warns of possible delivery delays
UPS, one of the biggest courier services in the world, has made a statement on its website warning of possible delays to deliveries.
"While the UPS network is operating and delivering in all areas, there is a potential for delivery delays due to a global technology outage. Contingency plans are in place to help ensure that shipments arrive at their final destinations as quickly as possible."
Just like UPS, FedEx also warns of potential delays for packages set to be delivered today, July 19, 2024, with a statement appearing on its website.
"FedEx has activated contingency plans to mitigate impacts from a global IT outage experienced by a third party software vendor. However, potential delays are possible for package deliveries with a commitment of July 19, 2024. FedEx is committed to providing the best service possible."
"Not a security or cyber incident. Our customers remain fully protected."
After apologizing earlier, Crowdstrike's CEO George Kurtz has posted a new statement on X (formerly Twitter) about today's incident.
The statement notes that it was an "issue with Falcon content updated for Windows Hosts," not a "security or cyber incident." And that the team understands just how disruptive and inconvenient it's been, stating that Crowdstrike is "working with all impacted customers to ensure that systems are back up."
Suffice to say, though, this massive IT outage is still causing issues on a global scale.
Today was not a security or cyber incident. Our customers remain fully protected.We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can…July 19, 2024
"We are aware of this issue," says Microsoft CEO
Microsoft CEO and Chairman Satya Nadella has finally commented on the ongoing Crowdstrike outage via a post on X (formerly Twitter), but it doesn't provide much new information.
Nadella writes that Microsoft is aware of the issue and is working with Crowdstrike and partners to help bring customers' systems back online. He also notes that Crowdstrike released the update yesterday, on July 18, 2024, and has impacted IT systems worldwide since.
Yesterday, CrowdStrike released an update that began impacting IT systems globally. We are aware of this issue and are working closely with CrowdStrike and across the industry to provide customers technical guidance and support to safely bring their systems back online.July 19, 2024
A delay in getting coffee
Beyond airlines, the Crowdstrike-caused outage also impacts folks who simply want to get a coffee. Folks have taken to X (formerly Twitter), noting that Starbucks' order ahead feature via the mobile app is down, and some locations are closed due to the outage.
Another impact of today's tech meltdown: Some @Starbucks closed today because of global IT outage #Crowdstrike #microsoft @KABCRadio @MottekOnMoney #coffee pic.twitter.com/nhvSfLIgEUJuly 19, 2024
Everyone is talking about Crowdstrike and the global outage across critical infrastructure but what really concerns me is that Starbucks order ahead is down. pic.twitter.com/11Ck29v8T3July 19, 2024
It appears that at least one location has found a workaround by taking orders with pen and paper.
Props to @Starbucks baristas at Penn Station. Old school paper, pen, sharpies defeat @CrowdStrike blue screen of death. pic.twitter.com/rySynhZgmDJuly 19, 2024
Our Editor At Large Lance Ulanoff is back on CNN giving an update on the Crowdstrike situation.
Back on @CNN with a #Crowdstrike update pic.twitter.com/InkeCgGVTiJuly 19, 2024
A big apology
CrowdStrike CEO George Kurtz knows he has some explaining to do and though the company does not yet have the full details and insights into what caused today's global IT and Windows meltdown, he vowed this afternoon (NY time) on X (formerly Twitter) "to provide full transparency on how this occurred and the steps we’re taking to prevent anything like this from happening again."
Kurtz shared an official statement sent to customers and partners reiterating mostly known details about the failure. Among the key points:
- This was not a security or cyberattack
- They quickly identified the issue and deployed a fix
- The root cause was a defect found in a Falcon content update for Windows hosts
- CrowdStrike's Falcon system (the main one affected) is now operating normally
- They mobilized "all of CrowdStrike" to help partners and customers
Kurtz and CrowdStrike get points for speed and transparency but that may not shield them from the ire of customers and even consumers affected by this global outage. As we recover and life returns to normal, we'll soon see what sort of fallout awaits the cyber security firm.
All of CrowdStrike continues to work closely with impacted customers and partners to ensure that all systems are restored.I’m sharing the letter I sent to CrowdStrike’s customers and partners. As this incident is resolved, you have my commitment to provide full transparency on…July 19, 2024