Software

CrowdStrike bug shuts down Microsoft systems worldwide, grounding flights

While the problem was resolved, fixing it requires restarting computers—possibly more than a dozen times.
article cover

Francis Scialabba

less than 3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

A massive cyber outage on July 18 and 19 took down systems across the world, impacting a wide array of organizations from airlines to hospitals, from media organizations to banks.

The outage was reportedly not the result of a cyberattack but rather because of a Microsoft glitch related to cybersecurity vendor CrowdStrike’s Falcon product. Falcon is detection software that acts similarly to antivirus software, finding and attacking potential threats.

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” the company said in a statement. “Mac and Linux hosts are not impacted. This was not a cyberattack.”

The tick-tock. According to Microsoft, the problem began at 7pm UTC on Thursday after a Falcon bug check put virtual machine systems into a “restarting state.” The company added that while the problem was resolved, fixing it would require restarting computers—possibly more than a dozen times.

“We have received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage,” Microsoft reported.

By late morning Friday the problems persisted. Mass General Brigham canceled nonurgent visits, and around 1,500 US flights were canceled; another 4,000 were delayed.

“Today CrowdStrike becomes a household name,” Wedbush’s Dan Ives and other analysts wrote in a note to investors, “but not in a good way.” Kevin Beaumont, Arcadia Group’s director of emerging threats, predicted on X that “this will be the biggest ‘cyber’ incident worldwide ever in terms of impact, most likely.”

Warning sign. Outpost24 CSO Martin Jartelius said in an emailed comment that the outage helped show what a major attack could do to global systems. He likened the outage to “a supply chain attack.”

“If an attacker had backdoored such an update to open systems to attacks or to encrypt them, the exact same systems would have been impacted,” Jartelius wrote. “This is why supply chain attacks and defense [have] been increasingly important.”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.