Global Microsoft Outage Grounds Flights, Disrupts Businesses Worldwide

A global Microsoft outage grounded flights and disrupted hospitals, banking, businesses and emergency services overnight after a software update from cybersecurity company CrowdStrike impacted systems. 

The IT issue impacted flights across the globe with American Airlines, Delta and United all issuing ground stops early Friday morning due to communication issues. 

Just before 6 a.m. EST, the FAA said it was “closely monitoring a technical issue impacting IT systems at U.S. airlines. Several airlines have requested FAA assistance with ground stops until the issue is resolved.”

As of 6:15 a.m., five U.S. airports are currently closed including Boston, La Guardia, Charles M. Schulz–Sonoma County Airport, Las Vegas, Aspen/Pitkin County Airport and Milwaukee Mitchell International Airport. And that list is growing.

As of 8:20 a.m., 11 airports were closed.

CrowdStrike president and CEO George Kurtz issued a statement early Friday morning saying it was not a security incident and that they’ve identified the issue and are deploying a fix. 

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed,” he said.

“We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”

Speaking to Savannah Guthrie and Hoda Kotb on the “Today” show Friday morning, Kurtz apologized to those impacted. 

"We're deeply sorry for the impact we have caused to customers, travels, to anyone affected by this,” he said. "The system was sent an update and it had a software bug in it.”

Kurtz said the bug was immediately identified and systems were rebooted to come back online.

When Guthrie asked how one single software bug can have such a profound impact, Kurtz attributed it to his company always trying to stay one step ahead of “adversaries” and that it was “only Microsoft that was impacted.”

He went on to say it was a software update, not a cyberattack and that it’s fixed on their end. Now their mission is to “get every customer back to where they were."

Dafydd Vaughan, chief technology officer at Public Digital and co-founder of the U.K. Government Digital Service, told IoT World Today that today’s outage shows that in our interconnected world, we are more vulnerable than ever to cyber threats and errors. 

“This issue seems most likely to have been a mistake – a faulty update pushed out to hundreds of millions of computers around the world,” Vaughan said. “CrowdStrike of course should have spotted this before it went live, but even with extensive testing it only requires a small percentage of systems to have issues with the update to cause widespread disruption.

“Things will always go wrong: it’s a question of when, not if. Companies and national governments need to be prepared and take mitigating actions to minimize their exposure. Today’s crisis could have been avoided by companies rolling out computer updates on a few machines first to check they work, rather than sending them to all machines at the same time.”

This is a breaking story and will be updated as more information becomes available.