Americans woke up this morning to a realization that the world was not functioning right. The crisis has spread across the globe, grounding flights, shutting down hospitals and causing global travel chaos, all seemingly caused by a software update from cybersecurity firm Crowdstrike.
According to Crowdstrike, which is often where large companies turn for help during cyberattacks, its software update caused the Microsoft Windows operating system to crash, causing the infamous Blue Screen of Death. Given that Crowdstrike works with 25,000 businesses and that Windows is integral to the operation of so many computers around the world, this mistake has had huge consequences.
American Airlines, like many other airlines around the world, grounded all flights this morning (although as of 6.30am it said they had started to resume operations). KLM reported that the situation resulted in “the flight being unable to be processed”. As of this writing, all Delta flights remain suspended.
In Australia and Europe, power outages have had a greater impact as office hours have moved hours earlier, with hospitals reporting having to cancel surgeries, while in the UK almost all GP surgeries have had to stop seeing all but the most urgent patients. All patients except.
Grocery stores found they couldn’t accept payments, Washington’s subways stopped running, entire television networks were unable to broadcast, and in Alaska, 911 systems collapsed.
Over the past few minutes, Crowdstrike has confirmed that its software appears to be the cause, after many other major companies speculated that this was the case. The company issued a statement saying that a “flaw” had been discovered and a “fix has been deployed.” The company also made it clear that this was not a cyberattack. The following is the full text of the statement:
Crowdstrike is actively working with customers affected by the flaw discovered in a single content update for Windows hosts.
Mac and Linux hosts are not affected. This is not a security incident or cyberattack.
The issue has been identified, isolated, and a fix has been deployed.
We recommend customers visit the support portal for the latest updates and will continue to provide complete and ongoing updates on our website.
We further recommend that organizations ensure communication with Crowdstrike representatives is through official channels.
Our team is fully mobilized to ensure the safety and stability of Crowdstrike customers.
However, the BBC reports that this may not be as simple as rolling out a patch. Given that this issue causes a BSOD on your computer, a lot of fixes may require a manual computer restart, and Crowdstrike is very widely used. A BBC reporter reported: “This… does not appear to be a problem that can be solved by central commands from IT administrators at the company headquarters. They need to restart every affected computer.”
Comparisons are being made to the scale of the problems caused by the WannaCry cyberattack in 2017, but many affected locations reported that services were being restored as morning came.
This will raise huge questions in the coming days about how vulnerable the modern internet is to something as simple as a single software update. The web of 2024 is nothing like it was two decades ago, with almost everything now run by three companies: Microsoft, Amazon, and Google. As we are seeing today, when something affects only one of these three, the results can be international and catastrophic.
However, at least my city Still running.
.
