On Friday, July 19th, around 3 PM, a significant worldwide outage involving Microsoft caused widespread disruptions to businesses across the globe.
According to CrowdStrike CEO George Kurtz, the outage wasn't caused by a security incident or a cyberattack, but rather by a software defect. The issue was identified and isolated, and engineers deployed an update to correct the problem.
The CrowdStrike disruption has made the past few days difficult for businesses worldwide. To help you come up for air, here is a list of companies that have been affected by the outage hosted on Microsoft’s cloud services.
- 3M (3m.com) – United States
- 3M Health Information Systems (3mhis.com)
- 7-Eleven (7eleven.com.au)
- ADP (adp.com) – United States
- AGL Energy (agl.com.au) – Australia
- ANZ Bank (anz.co.nz)
- ASB Bank (asbbank.co.nz) – New Zealand
- AirAsia Philippines (airasia.com)
- Alaska (alaska.gov)
- Allegiant Air (allegiantair.com)
- Allianz (allianz.com) – Germany
- Amazon (amazon.com) – United States
- American Airlines (aa.com)
- Amgen (amgen.com) – United States
- Arvest Bank (arvest.com)
- Aurizon (aurizon.com)
- Australia Post (AusPost) (auspost.com.au)
- Australian Broadcasting Corporation (abc.net.au)
- Australian Red Cross Lifeblood (lifeblood.com.au)
- Avionte (avionte.com)
- BDO Unibank (bdo.com.ph)
- BNY Mellon (bnymellon.com) – United States
- BT (bt.com) – United Kingdom
- Banco Santander (santander.com) – Spain
- Bank Australia (bankaust.com.au)
- Bank of America (bankofamerica.com) – United States
- Bank of Queensland (BoQ) (boq.com.au)
- Bank of the Philippine Islands (BPI) (bpi.com.ph)
- Belfast Airport (belfastairport.com)
- Bendigo Bank (bendigobank.com.au)
- Best Buy (corporate.bestbuy.com) – United States
- Big W (bigw.com.au)
- Biogen (biogen.com) – United States
- BlackLine Systems Inc (blackline.com) – United States
- Blue Cross Blue Shield (bcbs.com) – United States
- British Airways (britishairways.com)
- Bunnings (bunnings.com.au)
- CBS (cbs.com) – United States
- Campaign Monitor (campaignmonitor.com) – United States
- Campaign Monitor by Marigold (campaignmonitor.com)
- Capital One (capitalone.com) – United States
- Cebu Pacific Air (cebupacificair.com)
- Changi Airport (changiairport.com)
- Charles Schwab (schwab.com) – United States
- Chase (chase.com)
- City of New York (nyc.gov) – United States
- City of Pleasanton (cityofpleasantonca.gov)
- ClickDimensions (clickdimensions.com)
- Coles (coles.com.au)
- Colorado DMV (dmv.colorado.gov)
- Commonwealth Bank (commbank.com.au)
- Concentrix (concentrix.com)
- Dartmouth College (dartmouth.edu)
- Datacom (datacom.com) – New Zealand
- Dell Technologies (dell.com) – United States
- Deloitte US (www2.deloitte.com) – United States
- Delta (delta.com)
- Department of Health and Human Services (hhs.gov)
- Department of Homeland Security (dhs.gov)
- Department of Justice (justice.gov)
- Descartes Peoplevox (peoplevox.com)
- Descartes Pixi (web.pixi.eu)
- Desjardins Group (desjardins.com) – Canada
- Destin8 (destin8.co.uk)
- Deutsche Telekom (telekom.com) – Germany
- Disney Parks (disneyparks.disney.go.com)
- Duke University (duke.edu) – United States
- EY (ey.com) – United Kingdom
- Elavon (elavon.com)
- Emory Healthcare (emoryhealthcare.org)
- Engage by Marigold (selligant.com)
- Equip Super (equipsuper.com.au)
- Eurowings (eurowings.com)
- FIS Global (fisglobal.com) – United States
- FedEx (fedex.com) – United States
- Fiserv (fiserv.com) – United States
- FiveStars (fivestars.com)
- Frontier Airlines (flyfrontier.com)
- GSK (gsk.com) – United Kingdom
- Gatwick Airport (gatwickairport.com)
- Gatwick Express (gatwickexpress.com)
- Georgia’s Department of Driver Services (dds.georgia.gov)
- Granicus Rocksolid (rocksolid.com)
- HBF Health (hbf.com.au)
- HCL Technologies (hcltech.com) – India
- HP (hp.com) – United States
- HSBC (hsbc.com) – United Kingdom
- Health Partners (healthpartners.com.au)
- Heathrow Airport (heathrow.com)
- Henry Ford College (hfcc.edu)
- Hewlett Packard Enterprise (hpe.com) – United States
- Hilton (hilton.com) – United States
- Honda Motor (global.honda) – Japan
- Insurity (insurity.com)
- InterContinental Hotels Group (ihgplc.com) – United Kingdom
- IronOrbit (ironorbit.com)
- Ivanti (ivanti.com) – United States
- JPMorgan Chase (jpmorganchase.com) – United States
- Jetstar (jetstar.com)
- JurisEvolution (jurisconcept.ca)
- Kaleida Health (kaleidahealth.org)
- Kennesaw State University (kennesaw.edu)
- KiWiBank (kiwibank.co.nz)
- Land Bank of the Philippines (Landbank) (landbank.com)
- Lennox (lennox.com) – United States
- Linx Commerce (linxcommerce.com.br)
- LiveHelpNow (livehelpnow.com)
- Lloyds (lloydsbank.com)
- London & Zurich (londonandzurich.co.uk)
- London Stock Exchange Group (lseg.com) – United Kingdom
- Lucca (lucca.fr)
- Lufthansa (lufthansa.com)
- Luma Health (lumahealth.io)
- Lumen (lumen.com) – United States
- Luton Airport (london-luton.co.uk)
- MTA (new.mta.info)
- Macquarie Bank (macquarie.com.au)
- Magna International (magna.com) – Canada
- Marriott (marriott.com) – United States
- Mars (mars.com) – United States
- Mass General Brigham (massgeneralbrigham.org) – United States
- McDonalds (mcdonalds.com)
- Medibank (medibank.com.au) – Australia
- Memorial Sloan Kettering Cancer Centre (mskcc.org)
- Mercedes-AMG Petronas Motorsport (mercedesamgf1.com) – United Kingdom
- MetLife (metlife.com) – United States
- Metro Bank (UK) (metrobankonline.co.uk)
- Metropolitan Bank and Trust Company (Metrobank) (metrobank.com.ph)
- Monash University (monash.edu)
- MyConnect (my-connect.nl)
- NASA (nasa.gov)
- NHS (nhs.uk)
- NSW Government (nsw.gov.au)
- NSW Police (police.nsw.gov.au)
- National Australia Bank (nab.com.au) – Australia
- Network 10 (10play.com.au)
- New Delhi Airport (newdelhiairport.in)
- News Corp (newscorp.com) – United States
- Nomura Kogeisha Group (nomurakougei.co.jp) – Japan
- North Carolina DMV (ncdot.gov)
- Norton Healthcare (nortonhealthcare.com)
- Nubank (nubank.com.br)
- Octopus Deploy (octopus.com)
- Optus (optus.com.au)
- PG Forsta (forsta.com)
- PNB (pnb.com.ph)
- Pacific Life (pacificlife.com) – United States
- Paris Olympics (olympics.com)
- PayPal (paypal.com) – United States
- PeaceHealth (peacehealth.org)
- Penn Information Systems & Computing (upenn.edu)
- Pitney Bowes (pitneybowes.com) – United States
- Plusserver (plusserver.com)
- Poland’s Baltic Hub (portgdansk.pl)
- Port of Felixstowe (portoffelixstowe.co.uk)
- Port of Tilbury (forthports.co.uk)
- Porter Airlines (flyporter.com)
- Proofpoint (proofpoint.com) – United States
- PwC (pwc.com) – United Kingdom
- Qantas (qantas.com) – Australia
- Qualcomm (qualcomm.com) – United States
- RBC (rbc.com) – Canada
- RCBC (rcbc.com)
Kurtz moved forward and apologised to customers. He said the company is “deeply sorry for the inconvenience and disruption.”
In an update posted to LinkedIn late Sunday, CrowdStrike said “a significant number” of the 8.5 million devices were back online and operational.
How Many Companies Use CrowdStrike?
CrowdStrike’s cyber security services are used by 298 of the Fortune 500 companies, 538 of the Fortune 1000 companies, and 8 out of 10 of the top financial firms.
What Happened?
Issues surfaced shortly after the most recent release of CrowdStrike’s Falcon sensor software on Friday. The intended enhancement to bolster system security against cyber threats inadvertently led to devices encountering a “blue screen of death” due to flawed code.
Who Is CrowdStrike?
Established in 2011, CrowdStrike is a cybersecurity technology company that serves businesses worldwide. It provides solutions such as cloud workload protection, endpoint security, threat intelligence, and services for responding to cyberattacks.
What is CrowdStrike Falcon?
The Falcon Sensor serves as a crucial element within CrowdStrike’s endpoint protection platform. Its primary roles encompass threat detection, device data collection, endpoint security, and transmitting data to the CrowdStrike cloud for additional analysis.
CrowdStrike Issued Statement
“CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform,”
“This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems,”
“The sensor configuration update that caused the system crash was remediated on Friday, July 19, 2024 05:27 UTC. This issue is not the result of or related to a cyberattack,” the company said.
Industry Speaks Out
Here’s what the experts said as the world began to learn just exactly what had happened.
- Satnam Narang – Senior staff research engineer at Tenable
The outage affecting computer systems worldwide is severe. It is affecting critical systems, such as those in hospitals, airports, financial institutions and more. For instance, patients aren’t able to get medications in the hospital setting.
It’s impacted me personally as I have a loved one who is currently in the hospital setting. While the issue is associated with Windows systems, it does not appear to be an issue with Microsoft Windows, but rather, security software installed on millions of Windows computers worldwide.
Because this is a security software, it requires a higher level of privileges to the underlying operating system, so a bad or faulty security update can result in a catastrophic impact.
- Jake Moore – Global security adviser at ESET
These outages are increasing in volume due to the sheer increase in numbers of online users and traffic. After witnessing the blue screen of death (BSOD), many people are quick to suspect a cyber attack or find similarities to Netflix’s Leave The World Behind, but this can often add to the confusion. It highlights the importance of these services and the millions of people they serve.
Businesses must test their infrastructure and have multiple fail safes in place, however large the company is; this is typically referred to as a cyber resilience plan.
But as often is the case, it is simply impossible to simulate the size and magnitude of the issue in a safe environment without testing the actual network.
The inconvenience caused by the loss of access to services for thousands of people serves as a reminder of our dependence on big tech, such as Microsoft, in running our daily lives and businesses.
Upgrades and maintenance to systems and networks can unintentionally include small errors, which can have wide-reaching consequences, as experienced today by CrowdStrike’s customers.
- Professor of Practice Nigel Phair – Department of software systems and cyber security, faculty of information technology at Monash University
A major outage has occurred, affecting a number of Australian and global organisations; it appears not to be malicious in nature [but] rather an error stemming from a network outage. The type of outage is unknown at this stage, but it highlights the dependencies organisations have on the internet and related online technologies.
It is looking like the outage is focused on the Microsoft operating system linked to the global cyber security company CrowdStrike.
Organisations need to take an “all hazards” approach to the availability of their IT networks and take appropriate risk management practices to ensure they can be resilient against any future incidents.
- Omer Grossman – CIO at CyberArk
The current event appears – even in July – that it will be one of the most significant cyber issues of 2024. The damage to business processes at the global level is dramatic.
The glitch is due to a software update of CrowdStrike’s EDR product. This is a product that runs with high privileges that protects endpoints. A malfunction in this can, as we are seeing in the current incident, cause the operating system to crash.
There are two main issues on the agenda: the first is how customers get back online and regain continuity of business processes.
It turns out that because the endpoints have crashed – the blue screen of death – they cannot be updated remotely, and this problem must be solved manually, endpoint by endpoint. This is expected to be a process that will take days.
- Dmytro Tereshchenko – Head of information security department at Sigma Software Group
The CrowdStrike failure has significantly impacted many organisations globally. This includes critical sectors such as banking, stock exchanges, airports, and emergency services.
Recovery protocols are in place for those affected, though a comprehensive restoration across many entities will likely be a protracted process.
For cyber security professionals, this incident isn’t something new and unexpected. It underscores a known issue within our highly interconnected supply chains.
A disruption to any key supplier can indeed have extensive repercussions, affecting a broad spectrum of systems and services.
While this situation is neither unprecedented nor unexpected, the timeline for complete recovery remains uncertain. We clearly understand the problem’s scale, but precise recovery estimates are still forthcoming.
- Shane Maher – Managing director of Intelliworx
This shows why disaster preparedness is so important. And it’s not just about security, it’s more about disaster recovery and handling the situation.
There are so many people affected by this outage. It’s not just a technical problem, it’s a business problem.
Businesses should have a plan for these kinds of situations because they can happen anytime and they should communicate clearly and honestly with their customers and stakeholders when they do.
- Matt Fedele-Sirotich – Chief technology officer of CSO Group and Cyber Wardens
It is crucial that businesses operate with heightened awareness after major outages or global events as attackers capitalise on our eagerness to resolve the issue or be better informed.
We all need to slow down and think before we act as this will enable us to collectively better protect our customers.
While this incident was not a deliberate cyber attack, it underscores the importance of businesses taking proactive measures to mitigate the risk of such threats.
Unfortunately, it is often user error and lack of basic digital knowledge that opens the door to cyber threats, highlighting the need for ongoing education and awareness programs to strengthen cyber security resilience.
8.5 Million Windows PCs Crashed
Following the devastating CrowdStrike update that caused 8.5 million Windows PCs to crash last week, Australian companies and many others worldwide are still grappling with the aftermath. It’s evident that numerous industry professionals have strong opinions about the software failure.