- IT systems across the world are suffering widespread outages.
- Disruptions have hit everything from airports and banks, to retailers and healthcare providers.
- CrowdStrike's CEO blamed a defect in an update for Windows, highlighting the fragility of global IT.
If the world needed a wake-up call on just how fragile its IT systems are, it just got one: a small update gone wrong appears to be the culprit for a total global meltdown.
Airlines, banks, supermarkets, and healthcare providers stretching from Japan and Australia to the UK, Switzerland and Singapore have had computer services go down since Thursday night, disrupting operations at the heart of the modern economy.
On Friday, some JP Morgan employees found they could not log into the bank's systems, Bloomberg reported. Malfunctions have hit Norway's central bank, too.
In Japan, cash register issues at McDonald's branches have forced the closure of almost a third of the fast food chain's stores. Computers at Australian retailer Woolworths, among many others, have experienced the "blue screen of death."
Meanwhile, airports and airlines on several continents had to delay or ground flights and healthcare systems in Britain were down.
The outages appear to have emerged after Microsoft reported problems with its online services, linked to an issue at cybersecurity giant CrowdStrike.
CEO George Kurtz said on X the issue was caused by a "defect found in a single content update for Windows" with a fix now deployed.
CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We…
— George Kurtz (@George_Kurtz) July 19, 2024
Austin-based CrowdStrike is a giant of the online security industry, having been added to the S&P 500 in June and making itself a vital vendor of cybersecurity software to some of the world's most powerful companies, governments, and institutions.
The company, founded in 2011, saw its reputation soar as it found itself playing an integral role in handling some of the most high-profile cybersecurity cases of the past decade, such as the Democratic National Committee hack in 2016, and the Sony Pictures breach in 2014.
That meant CrowdStrike was playing the vital role of protecting online operations for a huge number of organizations. But if the past 24 hours have proven anything, it's that widespread reliance on a single company has the potential to cause serious problems.
"The severity of the problem boils down to how long it lasts. A few hours' disruption is unhelpful but not a catastrophe. Prolonged disruption is another matter, potentially causing damage to companies and economies," said Dan Coatsworth, investment analyst at AJ Bell.
A Microsoft spokesperson said it was "aware of an issue affecting Windows devices due to an update from a third-party software platform," and that it anticipates a "resolution is forthcoming."
Bug check
According to Microsoft's Azure status page, it is a particular issue with CrowdStrike's "Falcon agent" that is affecting systems. The Falcon agent is meant to act as a sensor to detect and block attacks on IT systems, as well as track and record threats as they happen to give companies as quick an insight as possible into looming risks.
Microsoft's status page notes that the agent "may encounter a bug check" of its own and "get stuck in a restarting state." In other words, the agent meant to detect bugs is getting checked to see if it's a bug itself — and causing problems as a result.
Omer Grossman, global chief information officer at online security firm CyberArk, noted that the CrowdStrike product in question "runs with high privileges" across the devices and systems it is meant to protect in different company networks, meaning a malfunction can be brutal.
Grossman also noted how easy it can be for a malfunction to occur. Causes could range from human error — if, say, there was a "developer who downloaded an update without sufficient quality control," he said — to "the complex and intriguing scenario of a deep cyberattack."
CrowdStrike said in a statement that the outage was not caused by a "security incident or cyberattack."
It's far from clear how long it will take to clean up now. Brody Nisbet, who runs the company's threat-hunting operations, summed up the situation in three words on X: "It's a mess."