CrowdStrike's Role In the Microsoft IT Outage, Explained (2024)

The major Microsoft IT outage on Friday that grounded flights, sent TV stations off air, and disrupted online hospital systems has been linked to a third party—a cybersecurity technology firm named CrowdStrike.

CrowdStrike’s CEO George Kurtz has spoken out about the outage, apologizing for the disruption caused.

As the fallout from the event continues to impact people worldwide, here’s a breakdown of how exactly CrowdStrike is involved and what transpired.

What caused the Microsoft outage?

Early Friday, companies in Australia running Microsoft’s Windows operating system started reporting devices showing what is commonly referred to as the “blue screen of death.” According to Microsoft’s website, this happens “if a serious problem causes Windows to shut down or restart unexpectedly.”

These disruptions then spread rapidly, impacting companies and communities around the world. The U.K., India, Germany, the Netherlands, and the U.S. reported disruptions. Meanwhile, United, Delta, and American Airlines issued a “global ground stop” on all flights.

The outage was caused by a faulty update from CrowdStrike, deployed to computers running Microsoft Windows. The issue was specifically linked to Falcon, one of the company's main products, and does not impact Mac or Linux operating systems.

Launched in 2012, CrowdStrike’s cybersecurity software is now used by 298 of Fortune 500 companies, including banks, energy companies, healthcare companies, and food companies.

According to David Brumley, professor of electrical and computer engineering at Carnegie Mellon University, this was a perfect storm of issues. “Their code is buggy, and it was sitting there as a ticking time bomb,” Brumley says.

He says there are three steps cybersecurity teams should typically implement when rolling out an update. First, there should have been rigorous software testing to catch bugs; second, there should have been testing on different types of machines; and third, the rollout should have been slow, with smaller sets of users, to screen for negative ramifications.

“Companies like Google will roll out updates incrementally so if the update is bad, at least it will have limited damage,” says Brumley.

How has CrowdStrike responded to the outage felt worldwide?

Appearing via a video link on The Today Show on Friday, CrowdStrike’s CEO delivered an apology to the public.

“We're deeply sorry for the impact that we've caused to customers, to travelers, to anyone affected by this, including our companies,” Kurtz said. “That update had a software bug in it and caused an issue with the Microsoft operating system... we identified this very quickly and remediated the issue.”

Kurtz was clear that this was not a cybersecurity issue nor an attack of any kind, but a problem coming from inside the company.

Though CrowdStrike has deployed the changes necessary to help remedy the issue, customers are still having problems, and it may be some time before systems across the globe are all fully operational.

In a statement emailed to TIME, CrowdStrike said that they are “actively working with customers impacted by a defect found in a single content update for Windows hosts.”

They also clarified, once more, that the issue is not a security incident, and that the problem has been “identified, isolated, and a fix has been deployed.”

Kurtz has also shared this information on his personal X (formerly Twitter) account.

CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We…

— George Kurtz (@George_Kurtz) July 19, 2024

Microsoft 365 posted on X that the company was “working on rerouting the impacted traffic to alternate systems to alleviate impact” and that they were “observing a positive trend in service availability.”

TIME has reached out to Microsoft 365 for further comment.

On The Today Show segment, Kurtz said that CrowdStrike has been on the phone with customers all night, and that the issue was resolved for many when they rebooted their systems. However, he says the company will not “relent until we get every customer back to where they were and keep the bad guys out of their systems.”

If hosts are still crashing and unable to stay online to download CrowdStrike’s fix, the company has provided a workaround to the issue on its blog.

This issue may only get more pronounced as large cybersecurity firms serve more and more people. “What we’re seeing and what we’ll continue to see is a huge consolidation in the cybersecurity department, and that’s why we're seeing so many people affected at once,” Brumley says. “We need to be asking, ‘What choices can we give people if companies mess up?’”


Author: Corie Satterfield
