Microsoft outage causes historic global impact
A glitch in a security update has wreaked unprecedented havoc on Microsoft systems around the world.
The incident, which did not result from any type of cyberattack, occurred early in the ET morning hours of Friday, July 19 when cybersecurity firm CrowdStrike issued a content update for its cloud-based Falcon Sensor endpoint security solution on Microsoft Windows hosts.
According to a CrowdStrike corporate blog post, a defect found in the update caused issues including bugcheck/blue screen errors (colloquially known as the “blue screen of death”) which prevented users of some Windows hosts from starting up their systems. The outage did not affect Mac- or Linux-based hosts.
Crowdstrike is currently reverting the update so users can restore access to their Windows hosts and the company has also posted a series of workarounds for specific hosts and environments on its website.
According to CNBC, the Crowdstrike update error has resulted in what may be the largest systems outage ever, impacting numerous industries around the world, including airlines, banks, hospitals, TV broadcasters, and U.S. 911 emergency services.
"We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD [blue screen of death]) and get stuck in a restarting state," Microsoft said in a statement to CNBC. "We can confirm the affected update has been pulled by CrowdStrike. Customers that are continuing to experience issues should reach out to CrowdStrike for additional assistance."
In a separate incident, Microsoft said it has largely remediated an outage affecting its Azure cloud services platform and Microsoft 365 apps in the central U.S.
"We experienced a storage incident in central U.S. which had downstream impact to a number of Azure services," the company said in a post on its official X (formerly Twitter) account. "This is currently mitigated; however we are still in the process of validating recovery to a small percentage of those downstream services. This was communicated to affected customers via the Service Health dashboard in the Azure portal."
The post also mentions that although the CrowdStrike incident is unrelated to this outage, Microsoft is "investigating potential options for Azure customers to mitigate" and will keep them updated.
In comments emailed to Chain Store Age, Chris Stanley, Moody’s banking industry practice lead, said the CrowdStrike outage highlights the "interconnected nature" of the modern risk landscape.
“This underscores the importance of a broad ensemble of signals and interdisciplinary integration for enhanced security, enabling tailored services and gaining strategic customer insights,” said Stanley.
