Crowdstrike global outage: When will the Microsoft issue be fixed?

Cybersecurity firm CrowdStrike confirmed an update had affected customers using Microsoft Windows around the world

Rob Freeman
Monday 22 July 2024 08:51 BST
Timelapse: How global Microsoft IT outage grounded flights across US

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Experts have warned it could take weeks for systems to fully recover from a global outage which has seen disruption including flight delays and cancellations.

A flawed update rolled out by CrowdStrike, one of the world’s largest cybersecurity providers, knocked many offline around the world on Friday, causing flight and train cancellations and crippling some healthcare systems.

Here is a closer look at what we know about the incident

What exactly has happened?

CrowdStrike chief executive George Kurtz confirmed the issue was caused by a “defect in a single content update for Windows hosts” – in short, a flaw in a software “sensor configuration” update pushed out to customers.

He said a fix had been deployed for a bug in an update which affected Microsoft Windows PCs, causing many to crash, some displaying the so-called “blue screen of death”, and become unusable. CrowdStrike confirmed Apple Mac and Linux users were unaffected

IT infrastructure at businesses and institutions around the world collapsed, taking many businesses and their online services offline.

In an interview with NBC’s Today Show in the US, Mr Kurtz said the incident was not a cyber attack, while a technical statement from CrimeStrike on Saturday said a “sensor configuration” had “triggered a logic error” which the company said had been corrected.

Passengers in the South Terminal at Gatwick Airport (Brian Lawless/PA)
Passengers in the South Terminal at Gatwick Airport (Brian Lawless/PA) (PA Wire)

What is the scale of the impact?

Substantial – around the world, banks, supermarkets and other major institutions saw services disrupted, while many businesses were unable to take digital payments or access key databases.

NHS England said “the majority of GP practices” had experienced disruption and ambulance services reported increases in 999 and NHS 111 calls from patients who were unable to contact other NHS providers, while the National Pharmacy Association said pharmacies had seen issues “including the accessing of prescriptions from GPs and medicine deliveries”.

Airlines reported being unable to process passengers and resorted to manually checking in customers at airports around the world with 167 flights departing from the UK and 171 incoming cancelled on Friday. Aviation analytics company Cirium said 5,078 flights – or 4.6% of those scheduled – were cancelled globally.

Govia Thameslink Railway warned passengers to expect disruption because of “widespread IT issues” while Sky News was forced off air briefly on Friday morning, while customers faced issues with attempting to pay using cards.

How has CrowdStrike responded?

Mr Kurtz said he is “deeply sorry” for the situation and said CrowdStrike was “actively working” with those impacted.

Saying the issue had been “identified” and that a “fix has been deployed”, he said his team was “fully mobilised to ensure the security and stability of CrowdStrike customers”.

A person views a check-in display at Edinburgh Airport (Andrew Milligan/PA)
A person views a check-in display at Edinburgh Airport (Andrew Milligan/PA) (PA Wire)

In a letter to customers and partners, Mr Kurtz said: “We know that adversaries and bad actors will try to exploit events like this.

“I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives.”

How long will the issue take to be rectified?

Industry expert Adam Leon Smith of BCS, the Chartered Institute for IT, warned it could take “weeks” for all computers and systems to be fully restored, while Mr Kurtz said it would take “some time”.

He told NBC: “Some of the systems that aren’t recovering, we’re working with them, so it could be some time for some systems that just automatically won’t recover, but it is our mission to make sure that every customer is fully recovered and we’re not going to relent until we get every customer back to where they were and we’ll continue to protect them and keep the bad guys out of their systems.”

Cybersecurity experts said it is good news that the issue has only impacted Windows users and a fix having been deployed should mean larger IT departments can quickly begin restoring services, while Microsoft deputy chief information security officer Ann Johnson said they could not predict how long it would take to get all customers back online.

Signs of disruption are likely to remain into the weekend with the National Pharmacy Association warning pharmacy services are likely to see delays as outlets deal with a backlog of medicine deliveries while airports across the UK stressed that passengers should check with airlines for any delays or cancellations before travelling over the weekend.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in