A widespread series of technical glitches disrupted services at airlines, banks, and the London Stock Exchange on Friday, leading to a cascade of failures from the US to Asia. These disruptions coincided with a significant outage across Microsoft’s online services, raising questions about the interconnectedness and resilience of global digital infrastructure.
Among the major corporations affected were McDonald’s Corp., United Airlines Holdings Inc., and the LSE Group. These companies reported various issues with their customer service communications, highlighting the extensive impact of the disruptions. The issues appeared to stem from problems with Microsoft services and cybersecurity firm CrowdStrike Holdings Inc.’s software.
Microsoft and CrowdStrike at the Center of the Disruptions
The first signs of trouble emerged late on Thursday in the US when Microsoft services, including Azure and 365, began to fail. Denver-based Frontier Airlines, a unit of Frontier Group Holdings Inc., was forced to ground flights for over two hours. The airline eventually lifted the nationwide pause on departures and resumed flights from 11 p.m. New York time.
The London Stock Exchange Group (LSEG) reported a global technical issue preventing the publication of news, while in Asia, Japanese users experienced glitches with Microsoft 365 in the afternoon. Airlines at Mumbai and Hong Kong airports had to revert to manual check-ins due to these disruptions.
Microsoft’s status pages indicated that Azure and Microsoft 365 experienced problems for several hours, and the company stated it was investigating issues with cloud services in the US. The company’s spokesperson mentioned they were looking into the situation, while CrowdStrike representatives were unavailable for immediate comment outside normal business hours.
CrowdStrike Update Causes Major IT Outage
An update by CrowdStrike led to a significant IT outage on Friday, impacting businesses globally. George Kurtz, CEO of CrowdStrike, confirmed that a defect in a single content update for Windows hosts caused the issue. He emphasized that the problem was not a security incident or cyberattack, and a fix had been deployed.
“This issue has been identified, isolated, and a fix has been deployed,” Kurtz said in a statement on X, formerly Twitter. “Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”
The technical issues led to many Microsoft users encountering the infamous “blue screen of death,” causing significant disruptions. Airlines, banks, telecom firms, and other businesses reported widespread problems.
Global Impact and Responses
American Airlines, which describes itself as the world’s largest airline, reported a technology issue affecting multiple carriers. The Dutch arm of Air France-KLM stated it had been “forced to suspend most” of its operations. Spain’s airport authority AENA warned travelers to expect delays due to an “incident in the computer system,” and UK airline Ryanair advised passengers to arrive at airports at least three hours before their scheduled departure time due to a third-party IT outage.
Banks and financial companies around the world also faced issues. The London Stock Exchange reported problems with its data and news platform, while German finance giant Allianz experienced a major outage affecting employees’ ability to log into their computers. Visa reported no direct impact on payment processing but acknowledged reports of people being unable to make payments.
CrowdStrike’s Efforts and Workarounds
CrowdStrike told NBC that it was in the process of rolling back the update that caused the issue and advised customers to refer to the support portal for the latest updates. The company provided a workaround for affected users, involving booting Windows into Safe Mode or the Windows Recovery Environment (WRE), locating and deleting a specific file in the system directory, and then rebooting normally.
Expert Opinions and Future Implications
Cybersecurity experts warned that the damage caused by the outage could be dramatic. Omer Grossman, CIO at cybersecurity firm CyberArk, explained that the issue was due to a software update of CrowdStrike’s Endpoint Detection and Response (EDR) product, which runs with high privileges to protect endpoints. He noted that the malfunction could cause the operating system to crash, leading to the blue screen of death.
“Getting back online is unlikely to be easy,” Grossman said. “Manual fixes are going to take time for system admins to apply, and CrowdStrike can’t push a new update remotely to fix this. It will require manual intervention on each system.”
Adam Harrison, managing director at FTI Cybersecurity, echoed these sentiments, highlighting the challenge of resolving the issue for large companies with thousands of systems. “The fix itself is quick to perform, but scaling that up to thousands of servers and workstations will make it a bad day in the office for many folks,” he said.
Ian Thornton-Trump, CISO at Cyjax, suggested that CrowdStrike might develop a tool to apply the fix at the disk level, such as bootable media, which could help reduce recovery times but would not fully solve the problem remotely or at a large scale.
Moving Forward
As businesses around the world continue to grapple with the fallout from the outage, the incident underscores the vulnerability of global digital infrastructure to technical glitches and software defects. The interconnected nature of modern business operations means that a single update gone wrong can have far-reaching consequences, affecting multiple sectors and regions.
CrowdStrike’s response to the crisis and the effectiveness of the deployed fix will be closely watched by industry experts and affected companies. In the meantime, businesses must focus on restoring normal operations and implementing measures to prevent similar incidents in the future.
The incident also serves as a reminder of the importance of robust disaster recovery plans and the need for companies to be prepared for unexpected technical disruptions. As the world becomes increasingly reliant on digital services, ensuring the resilience and security of these systems will be crucial to maintaining business continuity and safeguarding against future outages.
A widespread series of technical glitches disrupted services at airlines, banks, and the London Stock Exchange on Friday, leading to a cascade of failures from the US to Asia. These disruptions coincided with a significant outage across Microsoft’s online services, raising questions about the interconnectedness and resilience of global digital infrastructure.
Among the major corporations affected were McDonald’s Corp., United Airlines Holdings Inc., and the LSE Group. These companies reported various issues with their customer service communications, highlighting the extensive impact of the disruptions. The issues appeared to stem from problems with Microsoft services and cybersecurity firm CrowdStrike Holdings Inc.’s software.
