Today’s (Friday 19 July) problems with Microsoft’s cloud services have gone down in history as one of the biggest IT outages ever, affecting countless businesses and individuals around the world.
According to the Financial Times (FT), it is yet another example of how a small technical change by a company unknown to many outside the IT industry can cause widespread havoc.
Companies are grappling with problems affecting computers, servers and other IT equipment running Microsoft Windows. Users of affected computers are experiencing a ‘blue screen of death’ indicating that Windows cannot load. They have seen it.
Microsoft blamed a buggy update from security software vendor CrowdStrike. CrowdStrike CEO George Kurtz said in a post on X that the cause of the problems was “a bug found in a single content update for Windows”.
Kurtz said PCs and servers running Apple’s MacOS and the open-source Linux operating system, which is widely used in Internet infrastructure, were not affected.
“This is not a security incident or a cyber attack. The problem has been identified, isolated and a fix has been issued,” the CrowdStrike CEO said.
CrowdStrike is one of the largest providers of ‘endpoint’ security software that protects the connections between computer networks and remote devices connected to corporate networks, from laptops, phones and servers to retail payment terminals and ATMs. Any of these devices running Windows could be affected by the bug.
Customers of Microsoft’s Azure cloud computing platform, much of which runs on Windows, have also reported problems. The IT outage has affected airlines, banks and publishers from the US and Europe to Australia, Japan and India.
This morning’s global IT outage is unprecedented in terms of the range and scale of systems affected,’ said Harjinder Lallie, a cyber security expert at the University of Warwick.
CrowdStrike is a cybersecurity company founded in 2011 and based in Austin, Texas. Its Falcon software is designed to stop cyberattacks and includes a range of products that run on individual devices and are delivered via the cloud.
The company’s revenue rose by a third to $3.1 billion in its latest fiscal year, which ended in January, while net income narrowed to $90.6 million from a loss of $183.2 million a year earlier.
CrowdStrike says it is “the cloud security provider of choice for 62 of the Fortune 100”, with more than 29,000 companies using its products.
The Nasdaq-listed company joined the S&P 500 last month.
CrowdStrike’s shares had more than doubled over the past year before Friday’s outage, giving the company a market capitalisation of $83.5 billion. However, the shares fell sharply before the Nasdaq opened in New York on Friday.
While CrowdStrike says a ‘fix is in place’, it is unclear how long it will take to roll out to the large number of affected customers and all employee devices.
Vasileios Karagiannopoulos, a cybersecurity researcher at the University of Portsmouth, said the problems “could take days, if not weeks, to resolve”.
Karagianopoulos added that the problems were ‘so global and so widespread across systems that IT support may be sparse due to demand’.
Cybersecurity researcher Kevin Beaumont said in social media posts that CrowdStrike customers were going through an ‘incredibly painful’ process to resolve the issue.