 |
| What is Causing the Microsoft Outage? |
Microsoft systems have experienced two major issues in quick succession, contributing to global outage confusion.
On Friday, a faulty software update from a little-known cybersecurity firm caused widespread computer outages, impacting airlines, hospitals, emergency responders, and numerous other businesses and services. This problem originated from an update by CrowdStrike, an Austin, Texas-based cybersecurity company. Their new code caused Microsoft Windows-based computers to crash upon installation.
The repercussions were immediate and widespread. CrowdStrike and Microsoft are integral to many major businesses. The disruptions led to flight cancellations and airport chaos across the United States, Europe, and Asia. In the U.S., 911 operators in several states were unable to respond to emergencies. Parts of the UK's National Health Service experienced issues, new driver’s licenses couldn't be issued in some regions, and some television broadcasters were unable to air programs.
This incident highlighted global reliance on Microsoft and key cybersecurity firms like CrowdStrike, showing how a single flawed software release can instantly affect countless companies and organizations dependent on these providers.
Ciaran Martin, former chief executive of Britain’s National Cyber Security Center and an Oxford University professor, described it as a stark reminder of the fragility of the world's core internet infrastructure.
Though not caused by a cyberattack, Friday's issues raised questions about the accountability of software firms when their code flaws cause significant disruptions.
George Kurtz, CrowdStrike’s CEO, acknowledged the mistake and announced a software fix, warning that a full recovery could take time. He expressed deep regret for the impact on customers and affected individuals.
Microsoft attributed the problem to CrowdStrike and anticipated a resolution. Apple and Linux systems were unaffected by the flawed CrowdStrike update.
The speed of implementing the fix remains uncertain due to the widespread impact. Lukasz Olejnik, an independent cybersecurity researcher, noted that the solution involves manually rebooting each affected computer into safe mode, deleting a specific file, and restarting the computer. While straightforward, this process may not be easily scalable, although well-organized IT teams might resolve the issues more swiftly.
Unlike visible iPhone software updates from Apple, this incident involved backend IT systems that businesses use but are typically unseen by the public. Companies rely on numerous other firms to develop the software that supports their operations.
A significant issue with the CrowdStrike update was its role in critical cybersecurity tasks, scanning computers for viruses and other threats. Thomas Parenty, a cybersecurity consultant and former NSA analyst, pointed out that security software requires absolute privileges over a computer to function, making any faults potentially more consequential than issues with ordinary software.
In addition to the CrowdStrike problem, Microsoft faced another issue on Thursday, affecting some of its central U.S. clients, including airlines, due to an outage on its Azure cloud service system. Microsoft identified a preliminary cause but noted that some users might still be unable to access certain Microsoft 365 apps and services, including Teams video conferencing.
Microsoft stated that this issue was unrelated to the CrowdStrike outage and was working to restore services quickly.
These incidents highlighted a harsh reality: software companies often face minimal liabilities for significant disruptions and cybersecurity incidents. Unlike car manufacturers, who face severe penalties for faulty products, software providers can usually issue another update and move on. This lack of accountability means there is little motivation for these companies to implement fundamental changes.
Thomas Parenty emphasized that until software companies are held financially accountable for faulty products, the safety and reliability of software will remain unchanged.