July 23, 2024 By Josh Nadeau 3 min read

On Friday, July 19, 2024, nearly 8.5 million Microsoft devices were affected by a faulty system update, causing a major outage of businesses and services worldwide. This equates to nearly 1% of all Microsoft systems globally and has led to significant disruptions to airlines, police departments, banks, hospitals, emergency call centers and hundreds of thousands of other private and public businesses.

What caused this outage in Microsoft systems?

The global outage of specific Microsoft-enabled systems and servers was isolated to a faulty software update released by CrowdStrike, one of the largest independent cybersecurity companies with nearly 30,000 subscribers worldwide.

With the majority of these subscribers automatically pushing new security updates as they become available, all impacted systems were put into a BSOD (Blue Screen of Death) state. This triggered an infinite boot cycle of the operating system, leaving the systems unable to boot correctly. The operating system then attempts to restart but encounters the same error, causing the process to repeat indefinitely.

On July 19, CrowdStrike’s CEO George Kurtz announced on X that the company is “actively working with customers impacted by a defect found in a single content update for Windows hosts.” He also confirmed that “This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.”

What has been the aftermath of this incident?

Even though this CrowdStrike event only affected less than 1% of all Microsoft-enabled systems, the aftermath so far has been significant.

One of the largest industries impacted by the major outages caused by this faulty update has been air travel. On Friday, more than 3,300 flights had already been canceled around the globe. In the United States, three major airlines — Delta, American and United — all grounded their flights for several hours, causing a significant backlog of customer and commercial travel. Airports in Tokyo, Amsterdam and Delhi were also impacted while creating major issues in other international locations.

Banking institutions were also significantly disrupted by system outages that impacted everything from ATMs to mobile banking applications and call centers. Even more critical has been the impact on essential emergency services such as hospitals and 911 dispatch teams.

Massachusetts General Hospital released the following statement regarding the impact of the outage on its operations: “A major worldwide software outage has affected many of our systems at Mass General Brigham, as well as many major businesses across the country. Due to the severity of this issue, all previously scheduled non-urgent surgeries, procedures and medical visits are canceled today.”

The ongoing aftermath of this situation has demonstrated how reliant we are on an interconnected ecosystem of technology and services.

How is this issue being resolved?

As George Kurtz mentioned in his statement on X, CrowdStrike has already fixed the issue on its end and is actively working with its customers to fully resolve the problem. However, in an interview on the TODAY show on NBC, he also stated, “It could be some time for some systems that just automatically won’t recover.”

Many IT experts agree with this statement and claim it could take several days for larger organizations to get their systems back to normal operation. The problem lies in the BSOD issues that are being created. This means that while CrowdStrike has “pushed” an automatic update to users on their end since many customers will be unable to fully reboot their system, they won’t be able to receive and install the update.

CrowdStrike has published manual remediation actions for IT administrators to follow in the event they can’t see an automatic recovery from the issue. These actions involve booting an operating system into “safe mode,” making modifications to the installed drivers and rebooting again safely.

While the company has been clear that it has a permanent fix for this issue, it will take time for IT administrators to gain manual access to remote servers and systems running Microsoft operating systems so they’re able to address these issues.

Unfortunately, the damage has already been done. The ongoing ripple effects of significant economic impacts caused by this event continue to spread, with early estimates of the total losses associated nearing $1 billion.

Get IBM support updates here. If you are experiencing cybersecurity issues or an incident, contact IBM X-Force to help: US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.

More from News

Zero-day exploits underscore rising risks for internet-facing interfaces

3 min read - Recent reports confirm the active exploitation of a critical zero-day vulnerability targeting Palo Alto Networks’ Next-Generation Firewalls (NGFW) management interfaces. While Palo Alto’s swift advisories and mitigation guidance offer a starting point for remediation, the broader implications of such vulnerabilities demand attention from organizations globally.The surge in attacks on internet-facing management interfaces highlights an evolving threat landscape and necessitates rethinking how organizations secure critical assets.Who is exploiting the NGFW zero-day?As of now, little is known about the actors behind the…

Will arresting the National Public Data threat actor make a difference?

3 min read - The arrest of USDoD, the mastermind behind the colossal National Public Data breach, was a victory for law enforcement. It also raises some fundamental questions. Do arrests and takedowns truly deter cyberattacks? Or do they merely mark the end of one criminal’s chapter while others rise to take their place? As authorities continue to crack down on cyber criminals, the arrest of high-profile threat actors like USDoD reveals a deeper, more complex reality about the state of global cyber crime.…

CISA adds Microsoft SharePoint vulnerability to the KEV Catalog

3 min read - In late October, the United States Cybersecurity & Infrastructure Security Agency (CISA) added a new threat to its Known Exploited Vulnerability (KEV) Catalog. Cyber criminals used remote code execution vulnerability in Microsoft SharePoint to gain access to organizations’ networks. The CISA press release states that “these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.” However, Microsoft identified and released a patch for this vulnerability in July 2024. Cybersecurity experts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today