(Bloomberg) — A mistake in updating a widely used cybersecurity program took down Microsoft Corp.’s systems, disrupting computer systems for businesses and public services around the world.
Most read articles on Bloomberg
CrowdStrike Holdings CEO George Kurtz posted on X on Friday that the outage had been identified and a “fix has been deployed,” adding that it wasn’t a cyberattack. Microsoft has also reported apparently unrelated issues with its Azure cloud service, further complicating matters.
Microsoft cloud software outages: Live updates
Outages on this scale that hit airlines, banks and healthcare systems are rarer than most, and the cascading failures highlight the fragility of the modern economy and the central role of security software with deep access to the operating system.
“This is unprecedented,” Alan Woodward, a cybersecurity professor at the University of Surrey, told Bloomberg News. “The economic impact will be massive.”
The scale of the disruption reflects the enduring popularity of Microsoft’s Windows and the widespread adoption of CrowdStrike’s security software: Windows is installed on more than 70% of machines, according to StatCounter, and research firm IDC estimates CrowdStrike is the global leader in modern enterprise protection software.
The company’s software is designed to block threats, but CrowdStrike customers have been posting blue error screens to social media because they can’t access their laptops or company computers.
McDonald’s Corp., United Airlines Holdings Inc. and LSE Group Inc. are among major companies that disclosed problems from communications to customer service. Airports from Singapore to Zurich were affected. The New York Subway said arrivals information was unavailable on most lines but they were running. Bloomberg terminals were operating normally.
Click here for a live blog on the outage.
Microsoft said it was “aware of an issue affecting Windows devices caused by a third-party software platform update.” The company said it had fixed a separate flaw affecting Microsoft 365 apps.
The outage weighed heavily on several industries, including airlines, insurers and stock exchange operators. CrowdStrike shares fell 20% and Microsoft fell 2.9%.
Past outages have been less severe: In 2017, a series of errors within Amazon.com Inc’s cloud services affected the operation of tens of thousands of websites. In 2021, issues with content delivery network Fastly halted the operation of several media networks, including Bloomberg News, and another outage occurred on Amazon’s AWS cloud services.
“I don’t think it’s too early to tell. This will be the biggest IT outage in history,” Troy Hunt, an Australian security consultant and founder of hack-checking site Have I Been Pwned, said in a post on social media platform X.
The first glitches occurred in the United States late Thursday and were blamed on outages in Microsoft’s internet-based office software suites, Azure and 365.
Problems related to CrowdStrike surfaced hours later in Asia and spread to European systems. As the U.S. rush hour began, the New York subway said arrival information was unavailable, though trains and buses continued to run.
–With assistance from Mayumi Negishi, Shauna Ghosh, Kati Pohjampalo, Celeste Perry, and Danny Lee.
(Updated regularly)
Most read articles on Bloomberg Businessweek
©2024 Bloomberg LP
