Flights were being canceled around the world.
Bank and hospital systems were in a deadlock. TV stations were scrambling, and 911 services were down in multiple states.
These were just a few of the challenges stemming from a major IT outage on Friday causing Windows PCs around the world to malfunction and get the dreaded Blue Screen of Death.
The outage can be traced back to a single defective software update issued by Crowdstrike, a U.S-based cybersecurity company that provides security software services to nearly 300 Fortune 500 companies.
Crowdstrike CEO George Kurts said in a post on X Friday morning that “a fix has been deployed” and stressed the outage was not the result of a cyberattack or security breach.
It could be a while for the update to go through for everyone, and users have found a workaround that involves booting the PC in Safe Mode and deleting the file containing the update on the back end; however, that isn’t a perfect solution for everyone.
Additionally, some people have found that rebooting their PCs as many as 15 times could also fix the issue, according to Microsoft.
Kevin Fu, a Northeastern University professor of electrical and computer engineering and cybersecurity adviser to the White House, said the incident “calls into question the fundamentals.”
“What’s really a gut punch is that this is a cybersecurity company, which is a type of company that should be the world’s expert in keeping systems highly available, but it did the opposite,” he adds.
It’s a frustrating and dangerous predicament for consumers to be in, he notes. He points to the outage’s impact on hospital systems since patient care is time sensitive. Given the scope of industries affected and the duration of the outages, Fu says it’s likely that the economy will likely take a big financial hit.
“I would not be surprised if at the end of the year, the U.S. government, the Department of Commerce, will publish something that shows a dip in the gross domestic product as a result of the single software outage,” he says.
But how could such a simple software update cause such big problems?
Fu says there is still much to be learned about the situation but he guesses the issue could have been as simple as an error in a small piece of code that went unnoticed when the company was testing out the update before it was deployed.
“Maybe there was a one where there should have been a zero, and maybe that never had any significance except for in this particular case,” he adds.
Josep Jornet, a professor of electrical and computer engineering, says the outage highlights the global economy’s reliance on a select few pieces of technology run over the internet. That puts both consumers and businesses at an increased risk, he says.
“Today, any company whose infrastructure (servers and/or user-facing terminals) relied on Windows and utilized CloudStrike, has had at least some of their operations disrupted,” he says. Banking, transportation, e-commerce for any company (e.g., billing, ticketing, scheduling, etc.). All gone.”
It’s anyone’s guess when all systems will be fully operational again given the scale of the issue and the complexities involved with getting all those PCs online again, Fu says.
“I would not be surprised if it gets fixed today,” he says. “I would not be surprised if it gets fixed in six months. If it’s going to be a six-month fix, we’ll likely see workarounds where maybe some service is degraded. I would imagine by the end of the day (Friday), we’re going to see a lot of workarounds put in place.”