What caused the Microsoft IT outage that broke flights, banks and trains across the world?

Support truly
independent journalism

Support Now

Find out moreClose

Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.

Whether $5 or $50, every contribution counts.

Support us to deliver journalism without an agenda.

Louise Thomas

Editor

A widespread computer outage left flights grounded, TV stations offline and much of the world’s infrastructure not working on Friday.

Cyber security experts said the outage was “unprecedented” in its reach, affecting many of the world’s biggest companies.

The cause of the problems was initially mysterious: Windows computers showed a blue screen of death, or BSOD, as if they had just spontaneously stopped working.

But as the outage has spread over Friday, the cause of the problems has become more clear.

The issue appears to be related to a faulty update at cyber security company CrowdStrike. That appears to have been installed overnight – leaving computers unable to turn on properly afterwards.

The company has since rolled back the update. But that does not fix those computers that have already been affected by the problems.

Representatives have given a workaround that involves turning the computer on in a special mode and then deleting the problem file. But that requires administrators to access a computer – which may be difficult when they are being used remotely.

CrowdStrike has said it is “aware of reports of crashes on Windows... relating to the Falcon sensor.” Falcon is a piece of software that monitors computers and watches for anyone trying to break into them.

To do so, it requires extensive access to the central parts of the computer. That means that any bugs in the software can have a widespread and deep impact – as the world found on Friday.

Callers to the company’s technical support phoneline have been met with a recorded phone message saying they are aware of issues on Friday morning. CrowdStrike has advised affected customers to log on to their customer service portal for assistance.

Toby Murray, associate professor in the School of Computing and Information Systems at The University of Melbourne, Australia, said it was possible a “buggy” update to one of global cybersecurity firm CrowdStrike‘s products may have been the cause of the global outage.

“CrowdStrike Falcon has been linked to this widespread outage,” he said.

“CrowdStrike is a global cyber security and threat intelligence company. Falcon is what is known as an Endpoint Detection and Response (EDR) platform, which monitors the computers that it is installed on to detect intrusions - hacks - and respond to them.

“That means that Falcon is a pretty privileged piece of software in that it is able to influence how the computers it is installed on behave.

“For example, if it detects that a computer is infected with malware that is causing the computer to communicate with an attacker, then Falcon could conceivably block that communication from occurring. If Falcon is suffering a malfunction then it could be causing a widespread outage for two reasons - one: Falcon is widely deployed on many computers, and two: because of Falcon’s privileged nature.

“Falcon is a bit like anti-virus software: it is regularly updated with information about the latest online threats (so it can better detect them). We have certainly seen anti-virus updates in the past causing problems. It is possible that today’s outage may have been caused by a buggy update to Falcon.”