What caused the Microsoft IT outage that broke flights, banks and trains across the world?

One piece of software appears to have brought airports and TV stations to a standstill

Andrew Griffin
Sunday 21 July 2024 05:31 EDT
Comments
Microsoft collapse sparks chaos at Manila airport in the Philippines

Your support helps us to tell the story

This election is still a dead heat, according to most polls. In a fight with such wafer-thin margins, we need reporters on the ground talking to the people Trump and Harris are courting. Your support allows us to keep sending journalists to the story.

The Independent is trusted by 27 million Americans from across the entire political spectrum every month. Unlike many other quality news outlets, we choose not to lock you out of our reporting and analysis with paywalls. But quality journalism must still be paid for.

Help us keep bring these critical stories to light. Your support makes all the difference.

A widespread computer outage left flights grounded, TV stations offline and much of the world’s infrastructure not working on Friday.

Cyber security experts said the outage was “unprecedented” in its reach, affecting many of the world’s biggest companies.

The cause of the problems was initially mysterious: Windows computers showed a blue screen of death, or BSOD, as if they had just spontaneously stopped working.

But as the outage has spread over Friday, the cause of the problems has become more clear.

The issue appears to be related to a faulty update at cyber security company CrowdStrike. That appears to have been installed overnight – leaving computers unable to turn on properly afterwards.

The company has since rolled back the update. But that does not fix those computers that have already been affected by the problems.

Representatives have given a workaround that involves turning the computer on in a special mode and then deleting the problem file. But that requires administrators to access a computer – which may be difficult when they are being used remotely.

CrowdStrike has said it is “aware of reports of crashes on Windows... relating to the Falcon sensor.” Falcon is a piece of software that monitors computers and watches for anyone trying to break into them.

To do so, it requires extensive access to the central parts of the computer. That means that any bugs in the software can have a widespread and deep impact – as the world found on Friday.

Callers to the company’s technical support phoneline have been met with a recorded phone message saying they are aware of issues on Friday morning. CrowdStrike has advised affected customers to log on to their customer service portal for assistance.

Toby Murray, associate professor in the School of Computing and Information Systems at The University of Melbourne, Australia, said it was possible a “buggy” update to one of global cybersecurity firm CrowdStrike‘s products may have been the cause of the global outage.

“CrowdStrike Falcon has been linked to this widespread outage,” he said.

“CrowdStrike is a global cyber security and threat intelligence company. Falcon is what is known as an Endpoint Detection and Response (EDR) platform, which monitors the computers that it is installed on to detect intrusions - hacks - and respond to them.

“That means that Falcon is a pretty privileged piece of software in that it is able to influence how the computers it is installed on behave.

“For example, if it detects that a computer is infected with malware that is causing the computer to communicate with an attacker, then Falcon could conceivably block that communication from occurring. If Falcon is suffering a malfunction then it could be causing a widespread outage for two reasons - one: Falcon is widely deployed on many computers, and two: because of Falcon’s privileged nature.

“Falcon is a bit like anti-virus software: it is regularly updated with information about the latest online threats (so it can better detect them). We have certainly seen anti-virus updates in the past causing problems. It is possible that today’s outage may have been caused by a buggy update to Falcon.”

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in