Microsoft outage: CrowdStrike security update impacts airports, hospitals, banks around the world

A massive technology outage has impacted computer systems around the world — affecting airlines, hospitals, healthcare providers, 911 call centers, banks and other businesses.

CrowdStrike, a cybersecurity company founded in 2011, owns more than 10 different security and IT tools and, according to the company's website, is involved with almost 300 of the Fortune 500 companies, six out of the top 10 healthcare providers, eight of the top 10 financial services firms and eight of the top 10 technology firms.

What exactly is the problem?

Devices using Windows Client and Windows Server that automatically installed a CrowdStrike security update Friday morning are "stuck in a restarting state." This "restarting state" is more colloquially referred to as the "blue screen of death" (BSOD) which locks users out of their computers.

What caused this?

Two issues with Microsoft systems happened back to back. On Thursday, some Microsoft clients in the central U.S. reported having issues with its cloud service, Azure, which resulted in several airlines briefly grounding all flights.

On Friday, a flawed security update by CrowdStrike impacted even more Windows users. It is not clear whether Microsoft’s initial issue with Azure was related to the crashes caused by the CrowdStrike update.

George Kurtz, CrowdStrike's chief executive, issued a statement Friday morning clarifying that it "is not a security incident or cyberattack" and that "the issue has been identified, isolated and a fix has been deployed."

Why is the CrowdStrike outage taking so long to fix?

Microsoft, in a post on X early morning Friday, said that while the "underlying cause has been fixed" the "residual impact is continuing to affect some Microsoft 365 apps and services."

Lukasz Olejnik, an independent cybersecurity consultant, explained to the New York Times that the problem is that the solution requires a manual reboot for each device affected. For the large-scale companies and industries that are impacted, there isn't a way to automate the reboot — each individual, affected device has to be addressed.

“There is a workaround, but it requires manually tampering with Windows systems files in recovery mode,” Olejnik told the outlet. “Such practice is in general not advised ordinarily, as mistakes may cause other problems.”

Therefore, these companies need to figure out how to deploy large numbers of professionals to go through and update each of their devices one by one.

Who is affected by the CrowdStrike outage?

Hospitals

Several major hospitals throughout the U.S. have had to cancel all “non-urgent visits” due to disruptions from the outages.

Mass General Brigham, a nonprofit that operates one of the largest hospital systems in the state of Massachusetts, said in a post on X that it was dedicating "every available resource to resolve this issue as quickly as possible."

James Bore, a managing director of a cybersecurity consulting firm, told the Associated Press, "There are going to be deaths because of this. It's inevitable."

Airports

Airports across the globe have reported issues with international and domestic flights. South Korea's largest airport, Incheon International Airport, is dealing with delays across a slew of low-cost airlines because of issues with ticketing and other services.

In Germany, all flights at Berlin-Brandenburg BER Airport were temporarily suspended, although some departures started to resume around 10 a.m. CET. Dutch airline KLM also announced it was affected and that operations would be suspended until further notice. Switzerland's largest airport in Zurich announced that planes were not allowed to land this morning.

In the U.S., more than 26,000 flights were delayed and more than 2,000 flights were canceled because of the outage.

911 call centers

Several emergency 911 call centers were disrupted throughout the U.S. — including in Phoenix, Ariz. and across the entire state of Alaska — although some cities and states have reported improvement throughout the morning.

Banks

The London Stock Exchange's news service stopped working while Pakistan's JS Bank told customers that it was facing technical issues, too. Bloomberg reported that Deutsche Bank said its research portal was impacted and S&P Global Market Intelligence also said it was experiencing "service issues across numerous S&P Global Platforms, including Securities Finance products."

However, forecasting firm Capital Economics told the Associated Press that while the outage is still happening, it does not anticipate "a major macroeconomic or financial market impact at this stage."

Paris Olympics

The Paris Olympics, which kick off next week on July 26, said that its IT services had been affected — although mostly regarding uniform deliveries and accreditations. Its ticketing system and preparation of venues are "continuing normally," the organization said in a press release.