
7.19.24 – SecurityInfoWatch.com Staff


A sweeping technology outage, seemingly triggered by issues involving widely used Microsoft systems, grounded flights, disrupted businesses worldwide and knocked banks offline on Friday.

CrowdStrike, a cybersecurity firm that lists Microsoft among its clients, said an update to its Falcon Sensor software, a system that offers “real-time threat protection,” is at the heart of the issue.

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted,” CEO George Kurtz said in a statement on X.

“This is not a security incident or cyberattack,” he continued. “The issue has been identified, isolated and a fix has been deployed.”

Microsoft also acknowledged the outage, telling users Friday that “the underlying cause has been fixed, however, residual impact is continuing to affect some Microsoft 365 apps and services.”

It added: “We’re conducting additional mitigations to provide relief.”

The Federal Aviation Administration said Friday morning it was continuing to “work closely with airlines as they work to resume normal operations. Ground stops and delays will be intermittent at various airports as the airlines work through residual technology issues.”

The Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA) said in statements on X they were “working with CrowdStrike, Microsoft and federal, state, local and critical infrastructure partners to fully assess and address system outages.”

Where the Trouble Started

The turmoil began for many late Thursday night — with Microsoft users around the world hit with error screens — and persisted into Friday morning. A big screen outside Macy’s at Herald Square in New York featured the so-called “blue screen of death” and a “Recovery” message, though most services in the city are operating as usual, albeit with some adjustments.

A spokesperson for Mayor Eric Adams’ office posted on social media, saying they are aware of “the global technical outage involving CrowdStrike and are currently assessing the full impact it may have on city operations.” Emergency operations, including the 911 call system, have not been impacted.

“FDNY IT and Communication teams implemented our redundancy procedures upon notification of the Crowdstrike outage,” the FDNY’s chief spokesman Jim Long said in a statement.

“Dispatchers and Field Units communicated over the department radios limiting any operational impact,” he continued. “Updates to follow as we work through this event.”

Police officers and other first responders have similarly relied on radio, as their department-issued phones and many desktop computer functions have been rendered unusable by the outage.

The Metropolitan Transportation Authority noted that buses, subways, the Long Island Railroad and Metro-North trains are running normally, though “some MTA customer information systems are temporarily offline.”

Airlines Heavily Affected

Those traveling by air have been significantly less lucky. Major U.S. carriers including Delta, United and American Airlines grounded flights Friday morning due to communication issues triggered by the widespread outage.

And without access to check-in and booking services, long lines have formed, snaking their way through airports in Europe and Asia as well as the United States.

As of Friday morning, more than 600 flights into, out of or within the United States had been canceled, according to FlightAware.com. That included more than 100 flights across the three major airports in the New York City area. JFK, LaGuardia and Newark Liberty in New Jersey have also seen more than 300 flights delayed, according to flight tracking data.

“The FAA is closely monitoring a technical issue impacting IT systems at U.S. airlines,” the FAA posted on social media. “Several airlines have requested FAA assistance with ground stops until the issue is resolved.”

Some travelers trapped at airports shared videos online of the chaos while others snapped photos of the blue error screens taking over giant displays in airports.

Outside the travel sector, banks and financial companies around the world have experienced issues, including the London Stock Exchange, which reported problems with its data and news platform.

German finance giant Allianz said it too was “experiencing a major outage that is impacting employees’ ability to log into their computers.”

Hospitals and medical facilities, left unable to access patient and appointment information, have similarly been bogged down by the outage. In Great Britain, the Royal Surrey hospital declared a “critical incident” and had to temporarily suspend radiography treatment.

The National Health Service in England, meanwhile, said it was experiencing disruptions in the majority of doctors’ offices. Non-emergency operations were also suspended at German hospitals due to the snafu.

Meanwhile, in the U.S., the Harris Health Quentin Mease Health Center in Houston similarly canceled all elective procedures and outpatient care, while Mass General Brigham in Boston said “all previously scheduled non-urgent surgeries, procedures, and medical visits are cancelled today.”

In Boston, Mass General Brigham hospitals called off “non-urgent” visits and surgeries, flights out of Logan Airport were delayed and the Registry of Motor Vehicles was also struggling with many services, the Boston Herald reported. Mass General said it was not able to access clinical systems, including patient health records and scheduling.

In Houston, the city’s ports, amongst the largest in the world, were closed to shipping traffic, including both their Barbours Cut and Bayport container terminals.

The outage also caused flight delays out of George Bush Intercontinental and William P. Hobby airports but by late Friday morning the airports were fully operational with no reported ground stops. Harris Health System canceled most outpatient clinic appointments and elective hospital procedures.

The outage was also massively affecting South Florida’s airports. At Miami International Airport, the outage was “affecting all airlines [and] is currently delaying departures and arrivals.”

Multiple airports in Pennsylvania and beyond have reported long lines and delays, reported Pennlive.com. Harrisburg International Airport said that “numerous flights are experiencing delays or cancellations.” Scott Miller, a spokesperson for Harrisburg International Airport, said the first 11 flights of the day were either delayed or canceled.

Miller added that the system was getting back up, but that it could take days before flights were running smoothly again.

Denver’s Regional Transportation District suspended light rail lines, canceled trains and warned of slowed service Friday due to “communications failures” amid the chaos from global technology outages and computer issues, The Denver Post reported. Outages also hit the Colorado Division of Motor Vehicles and some police and fire agencies. 

Unprecedented Disruption

Experts said CrowdStrike pushed a content update that caused Windows hosts to be locked in a perpetual BSOD loop. It relates to the Falcon Sensor and does not affect Mac or Linux.

Because the issue is on the endpoints themselves (the BSOD), fixes cannot be deployed remotely, so end users had to resolve it manually, system by system: booting an affected computer in safe mode, deleting the problematic file, and then rebooting the host normally.

CrowdStrike has around 25% market share and is used by countless firms globally. The firm said transportation appeared to be most heavily affected. Alaska and Ohio were seeing major 911 outages and offered alternative numbers for those affected to use instead.

CrowdStrike launched in 2012 and currently has the “world’s most advanced cloud-native platform that protects and enables the people, processes and technologies that drive modern enterprise.” The company has a partnership with Amazon Web Services and its Falcon for Defender is designed to supplement Microsoft Defender to prevent attacks.

The scale of the disruption reflects the enduring ubiquity of Microsoft’s Windows, and the sizeable adoption of CrowdStrike’s security software, noted Bloomberg. Windows is installed on more than 70% of machines, according to StatCounter, and CrowdStrike is the global leader in modern corporate protection software, according to estimates by research firm IDC.

McDonald’s Corp., United Airlines Holdings, Amazon Web Services, Instagram, eBay, Visa, AT&T, payroll software ADP and LSE Group were among the major companies to disclose issues ranging from communications to customer service.

“This is a very, very uncomfortable illustration of the fragility of the world’s core internet infrastructure,” said Ciaran Martin, a professor at Oxford University’s Blavatnik School of Government and former Head of Britain’s National Cyber Security Centre, in an interview with The Associated Press.

“All of these systems are running the same software,” cyber expert James Bore told AP. “We’ve made all of these tools so widespread that when things inevitably go wrong — and they will, as we’ve seen — they go wrong at a huge scale.”

The Associated Press, The New York Daily News, The Boston Herald, Pennlive.com, Bloomberg, and The Atlanta Journal-Constitution contributed to this report.