A CrowdStrike software update caused a global crash of Windows systems, impacting critical services
A major IT failure occurred when a software update from cybersecurity firm CrowdStrike Holdings Inc. caused numerous Microsoft Windows systems to crash worldwide, as reported by BNN Bloomberg.
Both Microsoft Corp. and CrowdStrike have deployed fixes, and systems are being restored. Despite this, many bankers in Hong Kong, doctors in the UK, and emergency responders in New Hampshire faced significant disruptions for several hours.
Alan Woodward, professor of cybersecurity at Surrey University, described the situation as “unprecedented,” emphasizing the substantial economic impact.
This failure highlights the vulnerability of global supply chains, as many critical industries rely heavily on a few software vendors, making them single points of failure. Hackers have increasingly targeted these vendors, causing widespread disruptions in various sectors and governments.
In addition to the CrowdStrike incident, Microsoft encountered a separate issue with its Azure cloud service, which lasted several hours on Thursday. By Friday afternoon, Microsoft announced on X that all Microsoft 365 apps and services were restored.
By Friday morning in New York, many systems were back online. CrowdStrike’s CEO, George Kurtz, confirmed in a post on X before 6 am that the fault was identified and a fix was implemented, which required manually rebooting Windows machines.
CrowdStrike’s technical support suggested that up to 15 reboots might be necessary for some systems.
Microsoft later confirmed it had resolved the underlying cause of its IT issue.
The incident significantly impacted CrowdStrike’s market value, with shares dropping 11 percent at 9:45 am in New York trading, resulting in a loss of about US$7.4bn. Earlier in the day, shares had fallen as much as 15 percent, marking the largest intraday decline since February.
Microsoft shares remained mostly stable at $437.65.
Similar outages have occurred in the past. In 2017, errors within Amazon’s cloud service disrupted tens of thousands of websites. In 2021, issues at Fastly took down several media websites, including Bloomberg News. Amazon’s AWS cloud service has also faced disruptions.
However, the scale of the CrowdStrike outage was unprecedented, affecting airlines, banks, and healthcare systems, with ongoing repercussions.
Troy Hunt, an Australian security consultant, called it the largest IT outage in history on social media platform X.
Airlines experienced significant delays and cancellations. Airport hubs from Berlin to Delhi struggled with stranded passengers. FlightAware reported over 21,000 flight delays globally.
United Airlines and Delta Air Lines began resuming operations on Friday, but disruptions are expected to continue for several days. Other US carriers, including American Airlines and Spirit Airlines, also temporarily grounded flights.
The London Stock Exchange Group resolved an issue preventing the publication of news via RNS, a service used for distributing regulatory announcements. Several banks switched to backup systems during the failure.
Bankers at JPMorgan Chase, Nomura Holdings, and Bank of America experienced login issues, while Haitong Securities' trading desk was down for about three hours.
Emergency services were also affected. UK doctors couldn't access scans, blood tests, or patient histories. Memorial Sloan Kettering Cancer Center and Mass General Brigham reported patient care disruptions. European hospitals closed clinics and canceled procedures.
In New York, 911 and emergency systems were impacted. While fixes are in progress, full restoration remains unclear. New Hampshire’s emergency 911 services are operational again after a failure where operators could see calls but couldn’t answer them.