Businesses around the world are reporting IT outages, including the Windows “Blue Screen of Death” error, which has become one of the most widespread IT outages in recent years. The outage, which was related to a software update from popular cybersecurity firm CrowdStrike, affected computers running Microsoft Windows at organizations across a range of sectors, including airlines, banks, retailers, brokerages, media companies, and railway networks. The travel sector appears to have been hit the hardest, according to online chatter.
CrowdStrike CEO George Kurtz said in a post on X that the outage was caused by a “flaw” in a content update for Windows hosts, and Kurtz ruled out a cyberattack. He added that the company was rolling out a fix and that Mac and Linux hosts were not affected.
“CrowdStrike is actively working with customers impacted by a flaw discovered in a single content update on Windows hosts. Mac and Linux hosts are not affected,” Kurtz said on X.
“This is not a security incident or a cyberattack. The issue has been identified, isolated, and a fix has been deployed. We encourage customers to refer to our support portal for the latest updates, and we will continue to provide complete and ongoing updates on our website. We also encourage organizations to communicate with their CrowdStrike representative through official channels. Our team is working diligently to ensure the security and stability of CrowdStrike customers,” Kurtz said.
Late Friday, the U.S. cyber agency CISA said the outage was not tied to any suspicious activity, but that “we have observed threat actors leveraging this incident for phishing and other malicious activity.”
A post on CrowdStrike’s support forum (login-only) also acknowledged the issue early Friday, saying the company had received reports of crashes related to the content update. CrowdStrike said the crashes were “related to Falcon Sensor,” a cloud-based security service it describes as “real-time threat detection, streamlined management, and proactive threat hunting.”
CrowdStrike's supervisor The subreddit also said the company is aware of “widespread reports” of blue screen errors on Windows devices across multiple versions of the software. The company is investigating the cause, the message states.
The security company did not immediately respond to a request for comment.
Microsoft began noticing the issue early in the morning on July 19. The service status page now says Microsoft 365 for consumers is back up. However, according to the service status for enterprise cloud services, enterprise apps are still experiencing outages.
“We are aware of an issue affecting Windows devices due to an update from a third-party software platform. We expect a resolution to be available soon,” a Microsoft spokesperson said in a statement to TechCrunch.
A Microsoft spokesperson said the Microsoft 365 service outage that occurred on July 18-19 was not related to the broader outage caused by the CrowdStrike update.
There will be many questions raised about the resiliency of cloud services, especially when a single update can cause a global outage.
“In our view, cybersecurity products must meet higher standards of reliability and security in customer deployments than other technology products because they are mission-critical and subject to active attack by adversaries,” Goldman Sachs analysts wrote in a research note Friday. “In some ways, we believe this will strengthen the barriers to entry into the industry and increase the need for best-in-class update, outage, and customer service protocols, ultimately favoring larger companies.”
Airlines and airports in Germany, France, the Netherlands, the UK, the US, Australia, China, Japan, India, Singapore and Taiwan are reporting problems with their check-in and ticketing systems, which are causing flight delays and massive chaos at airports.
Federal air traffic officials announced a nationwide grounding of air traffic on Friday due to a power outage that could have climate implications, experts told TechCrunch. Others were affected in different ways by the outage and airline disruption.
In the UK, the London Stock Exchange reported an outage. Several doctors’ offices in the UK said the outage affected the National Health Service’s clinical computer system, which contains medical records and is used to schedule appointments.
And in the United States, some 911 and non-emergency call centers appear to be affected. According to a post from the Alaska State Police, many of these call centers are “not functioning properly throughout the state of Alaska.”
British news broadcaster Sky News suffered a power outage this morning, the company’s chairman David Rhodes tweeted. The New Zealand Herald reported that the country’s banking services were also affected by the problem, while several Indian news channels also said they were having trouble broadcasting.
Employees at many companies have reported that the issue has left them unable to start their computers. The outage comes shortly after Microsoft identified a service issue with Microsoft 365 Apps late Thursday, which has affected several airlines, including Delta and United. Microsoft’s service status page says the issue is being resolved.
And amid the confusion, misinformation is spreading, including claims that the Las Vegas Sphere is experiencing a blue screen.
Even before CrowdStrike acknowledged its role in the crash, businesses and security experts began criticizing the company early Friday for its software that millions of people use to manage the security of devices and servers across their businesses. Experts told TechCrunch that competitors could also benefit from the debacle.
CrowdStrike has approximately 60% of the Fortune 500 and more than half of the Fortune 1,000 as customers, according to its website. The company’s services are deployed by eight of the top 10 financial services companies and an equal number of leading technology companies. It also has a deep and broad presence in the healthcare and manufacturing sectors, serving six and seven of the top 10 companies in those industries, respectively.
CrowdStrike's stock was down about 11% at market close on Friday, giving it a market cap of $74.2 billion as of this writing.
Ram Ayer, Ingrid London and Jack Whittaker contributed to this report.
This article was originally published on July 19 at 12:09 a.m. and has been updated to reflect new information.
