Trending Topics

Global IT outage linked to faulty security update

CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts

Global Internet Outage

Travelers wait in line at Baltimore/Washington International Thurgood Marshall Airport in Baltimore, Friday, July 19, 2024.

AP Photo/Stephanie Scarbrough

By Michael Grothaus
Fast Company

The world is waking up to a global IT outage that has affected everything from emergency services to air travel to banks. The outage has now been linked to a faulty automated security update from cybersecurity firm CrowdStrike Holdings, which was pushed out to its customers’ computers. Here’s what you need to know.

What’s happened?
Tens of thousands of Windows PCs across the world are experiencing the Blue Screen of Death this morning after cybersecurity firm CrowdStrike pushed out an automatic update to its security software on its clients’ machines.

The update inadvertently contained a bug that forced machines that received it to crash, resulting in the Blue Screen of Death, the screen that appears on a Windows PC when there has been a critical error in the software.

Due to this bug and its resulting system crashes, services that rely on these computers are also down across the world.

Is this a cyberattack?
No. As of the time of this writing, there are no indications that the global outage is a cyberattack or hack. It appears to all stem from a bug in an update to third-party cybersecurity software used on some Windows computers.

Are all Windows PC affected?
No. It’s important to note that this outage is not the result of a flaw in Windows itself. Rather, it is a flaw with Windows security software provided by the independent cybersecurity company CrowdStrike.

Because of this, only PCs running the impacted CrowdStrike software are affected, and not every Windows PC across the world. CrowdStrike’s services are used by scores of Fortune 500 companies.

What services and businesses are impacted?
Numerous types of businesses and services are impacted in countries around the world, these include:

  • Hospitals and doctor’s offices
  • Airlines
  • Grocery stores
  • Banks
  • Retail stores
  • Emergency services
  • Small, medium, and large companies

The above list is an example of the types of institutions around the world that have been reported to be impacted in some way. Not all these types of institutions are impacted in all countries.

In some countries, impacted hospitals have had to revert to manual analog ways of processing patients in order to keep operating. At many airports, check-in counters were unable to process travelers. And in many retail stores, manned and self-checkout machines ceased to function. There have also been reports on social media that many restaurants and small businesses have had to revert to using cash only since payment terminals have also been affected.

What is CrowdStrike?
CrowdStrike Holdings, Inc. is a publicly-traded company that was founded in 2013. It is headquartered in Austin, Texas.

The company provides endpoint security software—this is software that its customers can push to all the individual devices in their company, be it their employee’s work laptops or a retailer’s point-of-sale terminals.

What has CrowdStrike said?
In a post on X, CrowdStrike president and CEO George Kurtz confirmed the issue seems to have been due to a bug in CrowdStrike software.

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts…,” Kurtz wrote. “This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.”

Are Mac and Linux computers affected?
No. If you have a Mac or a Linux computer, the CrowdStrike bug will not affect your system. It will only affect Windows PCs running CrowdStrike’s software that received the faulty software update.

When is a fix coming?
CrowdStrike says it has already identified and issued a fix for the error.

But there seems to be a hiccup. Some Windows PCs that are experiencing the Blue Screen of Death may need to be manually rebooted into Safe Mode or the Windows Recovery Environment so the fix can be implemented. This means that a human being may need to manually access some of the PCs that are impacted.

For companies and organizations with large in-house IT teams, this will be annoying, but at least they have the manpower to do this. However, many smaller and medium-sized businesses rely on third-party IT support, often remote.

Those support companies may need to send their IT technicians out into the field to help fix the problem on the individual PCs. But given how many individual clients those support companies have, it could take a while for their technicians to make the rounds.

How has Wall Street reacted to this?
When it comes to CrowdStrike stock, not well. As of the time of this writing shares of Crowdstrike Holdings (ticker: CRWD) are currently trading down over 14% to around $294 per share.

Fast Company © 2024 Mansueto Ventures, LLC.
Distributed by Tribune Content Agency, LLC.

Trending
Millions of first responders and other public employees would soon see a boost in their monthly payments after Congress repealed decades-old reductions
Helping a fall patient back into bed, a chair or onto the ambulance cot should launch risk mitigation in the patient’s home to prevent future falls
Paying tribute to the memory of those who made the ultimate sacrifice in service to their communities
Bibb County Fire Department rescue divers will have access to new gear due to funding provided to the sheriff’s office, which does not have a dive team