Americans are waking up this morning to discover that the whole world isn't working properly. It's a crisis that has spread around the planet, grounding flights, shutting down hospital procedures, and causing worldwide travel chaos, and it's all because of a single software update by cyber-security firm Crowdstrike.
According to Crowdstrike, which is usually the place big companies turn to for help during cyberattacks, an update to their software has caused Microsoft's Windows operating system to crash, resulting in the infamous Blue Screen of Death. Given Crowdstrike works with 25,000 businesses, and how integral Windows is to the running of so many of the world's computers, this error has had monumental consequences.
American Airlines grounded all its flights this morning (although as of 6.30 a.m. it says they're beginning to run again), alongside many other airlines around the world. KLM reported that the circumstances made "flight handling impossible." At the time of writing, Delta's flights were still all paused.
KLM and other airlines and airports have been affected by a global computer outage, making flight handling impossible. We realise that this is very inconvenient for our customers and staff, particularly in the midst of the summer holiday season. We're working hard to resolve the… pic.twitter.com/O4gm7u0DIW
- KLM (@KLM) July 19, 2024
In Australia and Europe, where the outages have had a greater effect due to their days starting hours earlier, hospitals have reported having to cancel operations, while in the UK almost all GP practices had to stop seeing all but the most urgent patients.
Captain on my United flight just said we can't take off because a computer system on the plane just crashed. Stuck at the gate
- Billy Becker (@thenetmonkey) July 19, 2024
Grocery stores found they couldn't take payments, DC's Metro stopped running, entire TV networks were unable to broadcast, and in Alaska, 911 systems broke down.
In the last few minutes, Crowdstrike has confirmed that its software appears to be the cause, after many other major firms speculated that this was the case. The company released a statement saying that the "defect" had been found, and that "a fix has been deployed." The firm also made clear that this wasn't a cyberattack. Here's the statement in full:
Crowdstrike is actively working with customers impacted by a defect found in a single content update for Windows hosts.
Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.
The issue has been identified, isolated and a fix has been deployed.
We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.
We further recommend organisations ensure they're communicating with Crowdstrike representatives through official channels.
Our team is fully mobilised to ensure the security and stability of Crowdstrike customers.
Crowdstrike CEO George Kurtz spoke to NBC's Today this morning, during which he apologized for the "impact that we caused to customers, travelers, to anyone affected by this."
He added during the live interview, "It's been a long night but we are rebooting systems. So, it could be some time for some systems, that just automatically won't recover. Our mission is to…make sure every customer is fully recovered."
The BBC in the UK is also reporting that it won't be as simple as rolling out a patch. Given the issue is causing computers to BSOD, an enormous amount of the fix could involve hands-on rebooting of machines, and Crowdstrike is very widely used. The BBC's correspondent reported, "It…appears to be not something that can be fixed with a central command from an IT administrator in a firm's HQ. They will need to go and reboot each and every computer affected."
https://www.bbc.co.uk/news/live/cnk4jdwp49et?post=asset%3Aaa4aaf4d-41e5-45f0-af97-592fd14ef4be#post
Comparisons are being drawn with 2017's WannaCry cyberattacks in terms of the scale of the problems caused. However, many places that were affected are reporting that services are resuming as the morning goes on.
This will lead to enormous questions in the coming days over how vulnerable the modern internet is to something as simple as a single software update. 2024's internet doesn't resemble that of twenty years ago, with three companies now running almost everything: Microsoft, Amazon and Google. When something affects just one of these three, the results are international and catastrophic, as we've seen today.
However, at least Kotaku is still running.
Updated: 07/19/2024, 8:23 a.m. ET: Added information about Crowdstrike CEO George Kurtz's confirmation and apology.