technology

CrowdStrike issue causes major outage affecting businesses around the world


Major global cyber outage hits airlines, banks and media outlets, impacting millions

An update by cybersecurity firm CrowdStrike led to a major IT outage on Friday, impacting businesses around the world.

CrowdStrike told NBC that it is in the process of rolling back the update that caused the issue, and later said a fix for the defect had been deployed.

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted,” CEO George Kurtz said in a statement on X .

“This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.”

He added that customers should refer to the support portal for the latest updates and work with their CrowdStrike representatives through official channels.

Kurtz apologized to those impacted in an interview on the NBC program “TODAY” early Friday.

“I want to start by saying we’re deeply sorry for the impact that we’ve caused to customers, to travelers, to anyone affected by this, including our company,” he said.

“The system was sent an update, and that update had a software bug in it and caused an issue with the Microsoft operating system. And now we are working with each and every customer to make sure that we can bring them back online.”

Kurtz added that the update was normal and part of the company’s routine process to prevent security risks, but noted that an investigation would be required to see what went wrong.

The confirmation came after widespread reports of technical issues, with many Microsoft users around the world facing an error screen known as the “blue screen of death .”

Readers Also Like:  48 hours till payroll, $200,000 to go: diary of a bank failure

CrowdStrike shares were down about 11% on Friday, while Microsoft was little changed.

Watch CNBC's full interview with CrowdStrike CEO George Kurtz

‘A major outage’

Airlines, hospitals and financial services firms were among the many businesses affected.

American Airlines , which describes itself as the world’s largest, said a technology issue was affecting “multiple carriers” including American, while the Dutch arm of Air France-KLM said it had been “forced to suspend most” of its operations.

In Great Britain, the Royal Surrey hospital declared a “critical incident” and had to temporarily suspend radiography treatment. The National Health Service in England, meanwhile, said it was experiencing disruptions in the majority of doctors’ practices.

Banks and financial companies around the world have reported issues, with German insurance giant Allianz saying it was “experiencing a major outage that is impacting employees’ ability to log into their computers. It impacts multiple companies besides Allianz.”

NBCUniversal is also being affected by the CrowdStrike outage.

See the latest updates on which companies are affected here.

‘unprecedented’

Satnam Narang, senior staff researcher at Tenable, told CNBC on Friday that the outage was having a “profound impact” and was unique in its size and scope.

“The challenge here is that security software — because it’s doing its job to protect organizations — it has to have more privileged access to these machines,” he said.

“So … while people may be seeing these as Windows failures, they’re looking at it and seeing a little blue screen pop up, it’s not actually a Windows issue, it’s related to a faulty or bad update from those security software. “

Readers Also Like:  Weird and wonderful Welsh fossils reveal marine life from 462,000,000 years ago

Narang added, “We’ve never seen anything like this before, it’s very unprecedented.”

Omer Grossman, CIO at cybersecurity firm CyberArk, said the damage caused by this outage will be “dramatic.”

“The glitch is due to a software update of CrowdStrike’s EDR product. This is a product that runs with high privileges that protects endpoints. A malfunction in this can, as we are seeing in the current incident, cause the operating system to crash,” he said in an emailed comment.

Getting back online is unlikely to be easy, according to Grossman.

“It turns out that because the endpoints have crashed – the Blue Screen of Death – they cannot be updated remotely and this the problem must be solved manually, endpoint by endpoint. This is expected to be a process that will take days,” he added .

Disclosure: NBCUniversal is the parent company of NBC and CNBC.

Don’t miss these insights from CNBC PRO



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.