Computer systems at businesses and public services around the globe were disrupted after a botched update of a widely used cybersecurity program took down Microsoft Corp. systems.
CrowdStrike Holdings Inc. Chief Executive Officer George Kurtz posted on X on Friday that the fault had been identified and “a fix has been deployed,” adding that it wasn’t a cyberattack. Compounding the issue, Microsoft also reported an apparently unrelated problem with its Azure cloud service.
Hitting airlines, banks and healthcare systems, there have been few outages of this scale. The cascading failures underscore vulnerabilities of the modern economy and the central role of security software, which has deep access to operating systems.
“This is unprecedented,” Alan Woodward, professor of cybersecurity at Surrey University, told Bloomberg News. “The economic impact is going to be huge.”
The scale of the disruption reflects the enduring ubiquity of Microsoft’s Windows, and the sizeable adoption of CrowdStrike’s security software. Windows is installed on more than 70% of machines, according to StatCounter, and CrowdStrike is the global leader in modern corporate protection software, according to estimates by research firm IDC.
Although its software is designed to thwart threats, CrowdStrike customers posted blue error screens to social media as they were prevented from accessing laptops and corporate computers.
McDonald’s Corp., United Airlines Holdings Inc., and the LSE Group were among the major companies to disclose issues from communications to customer service. Airports from Singapore to Zurich were impacted. The New York subway said arrival information is unavailable for most of its lines, but services are operating. Bloomberg terminals were operating as normal.
Microsoft said it was “aware of an issue affecting Windows devices due to an update from a third-party software platform.” The company said it fixed a separate glitch affecting Microsoft 365 apps.
The outages weighed on several sectors, including airlines, insurers and stock exchange operators. Shares in CrowdStrike sank 20%, while Microsoft fell 2.9%.
Past disruptions have been less severe. In 2017, a series of errors within Amazon.com Inc.’s cloud service affected the operation of tens of thousands of websites. In 2021, issues at content delivery network Fastly took out several media networks including Bloomberg News and there were separate disruptions at Amazon’s AWS cloud service.
“I don’t think it’s too early to call it: this will be the largest IT outage in history,” Troy Hunt, an Australian security consultant and creator of the hack-checking website Have I Been Pwned, said in a post on social media platform X.
The first glitches emerged in the US late on Thursday and were blamed on the failure of Microsoft services Azure and 365, the company’s internet-based office software suite.
Problems linked to CrowdStrike then surfaced hours later in Asia and rippled across systems in Europe. As the US commute got underway, the New York subway said arrival information was unavailable but trains and buses were still running.
This article was provided by Bloomberg News.