Microsoft Outage Impacts Airlines, Media, Banks & Businesses Globally
IT outage causes major disruptions around the world, after Crowdstrike update allegedly triggers Microsoft outages
Global IT outage crippled countless systems around the world on Friday, after a software update linked to cybersecurity firm Crowdstrike impacted Microsoft systems across the world.
The global IT outages on Friday 19 July 2024 resulted in outages at major banks, media outlets, airlines and countless businesses, after problems with Microsoft’s operating systems and products caused blue screens of death.
The affected PCs and servers were knocked offline, and forced into a recovery boot loop which saw machines unable to restart properly.
Crowdstrike statement
The colossal outage is not a result of a cyberattack said US-based Crowdstrike, but was caused by “a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted.”
“The issue has been identified, isolated and a fix has been deployed,” said Crowdstrike. “We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.”
“We further recommend organisations ensure they’re communicating with CrowdStrike representatives through official channels,” it added. “Our team is fully mobilised to ensure the security and stability of CrowdStrike customers.”
The IT outages have not just impacted critical infrastructure and services in the UK, but also many countries around the world.
Indeed, so serious is the outage that the British government has begun a COBRA meeting in response to the crisis.
Crowdstrike’s share price has tanked nearly 15 percent in pre-market trading to $293.21.
Microsoft in a service update stated that the “impact has been resolved following our mitigation efforts,” on late Friday morning.
Industry reaction
“IT outages are being reported across the world due to a rogue Crowdstrike update. So far the outage has affected airports, banks, railways and the media, with Sky News being left unable to broadcast this morning,” said Mark Lloyd, Business Unit Manager at Axians UK.
This outage is a stark reminder of how dependent the world is on cloud services,” said Lloyd. “From productivity tools to critical infrastructure, a large chunk of technology runs on cloud platforms. This outage showcases the immense power and reach these services hold.”
Preparedness requirement
“This Microsoft IT outage demonstrates the need for more robust and resilient solutions, so that when these issues do arise, they can be resolved quickly without causing such widespread customer chaos and security risk,” added Mark Jow, security evangelist at Gigamon.
“Preparedness is key – every IT and security vendor must have a robust system in place across its software development lifecycle to test upgrades before they are rolled out to ensure that there are no flaws within the updates,” said Jow.
Day off
“Many people might be thanking Microsoft for their accidental day off, but countless businesses are suffering due to Microsoft’s and their partners’ failure to maintain their services,” said Al Lakhani, CEO of IDEE.
“This incident underscores the importance of businesses thoroughly researching and vetting their cybersecurity solutions before implementation,” said Lakhani. “Microsoft clearly fell short in this regard, and we are witnessing a cascade of operational failures around the world as a result.”
“CrowdStrike’s platform approach, which relies on a single agent focused on detection, might seem good at first glance, but as we can see, it can create significant issues,” said Lakhani.
“The lesson here is blindingly obvious: investing in cybersecurity is not just about acquiring the latest or most popular tools but ensuring those tools are reliable and resilient,” said Lakhani. “This is why businesses must prioritise agentless solutions like MFA 2.0, which reduce the risk of widespread failures and ensure more resilient defences.”
Nauseating to fix
“The outage impacting Windows devices this morning appears to have been caused by a driver update by CrowdStrike, bricking older windows devices and servers, which will be worst hit,” noted Tom Kidwell, Co-founder, Ecliptic Dynamics and former British Army and UK Government intelligence specialist.
“Unfortunately for CrowdStrike, if that is the case, it could be nauseating to fix,” said Kidwell. “Due to the nature of the update, an individual from every organisation will need to boot into safemode, remove the issue file/driver, and then either roll back or update to a new version, something CrowdStrike will need to release very quickly.”
“Incidents like this highlight the vulnerability in using a single supplier on such a vast scale, and why it’s critical that organisations have a backup plan,” said Kidwell. “Best practice for vendors is to pressure test any updates before rollout, however this can be difficult when you serve 60-90 percent of the world.”