CrowdStrike has admitted to pushing out a bad software update, causing many Windows machines running the affected software to crash. The problem, apparently affecting its Falcon platform, brought down servers at airlines, locked up computers at banks, and hurt healthcare services.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” the company said Friday in a post to its blog titled “Statement on Windows Sensor Update.”
Mac and Linux versions of the software are unaffected, and the incident was not the result of a cyberattack, it said.
“The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website,” CrowdStrike said in its blog post.
Falcon is CrowdStrike’s endpoint security platform.
Australian businesses were among the first to report encountering difficulties on Friday morning, with some continuing to encounter difficulties throughout the day. At 6pm Australian Eastern Standard Time Bank Australia posted an announcement to its home page saying that its contact center services were still experiencing problems.
Qantas, the airline, reported problems with its website, booking systems, check-in and flight management.
“We’re experiencing technical issues due to a global third-party outage impacting airlines and other businesses around the world,” it said on its website late Friday, Australian time.”
In Germany, the University Medical Center Schleswig-Holstein (UKSH) reported that it too had been affected.
“A global IT outage has hit the cybersecurity company CrowdStrike. Authorities, airports, and banks around the world have been affected by the outage,” UKSH announced on its home page, noting that the outage affected both its locations, Kiel and Lübeck. “Due to this, the UKSH is cancelling all elective procedures for today,” it continued. “The outpatient clinics at both locations will also be closed.” It would continue to provide care for patients already in the clinics, and emergency cases, it said.
Industry experts were quick to jump in with comment.
“The scale of this outage highlights the risks associated with over-reliance on a single system or provider,” Mark Boost, CEO of cloud computing provider Civo, said via email. “Implementing redundant systems and failover protocols is not just a best practice but a necessity for maintaining critical operations. It’s a sobering reminder that size and reputation do not guarantee invulnerability to significant technical issues.”
That was a theme echoed by Martin Greenfield, CEO of cybersecurity monitoring firm Quod Orbis. “The global IT outage underscores a critical weakness in many organisations’ cyber-resilience strategies: an overreliance on single-point solutions,” he said via email. “While such tools are essential, they should not be the sole pillar of a robust cybersecurity posture. This incident serves as a reminder that even industry-leading solutions can falter, potentially leaving entire sectors vulnerable.”
Stephen Johnson, CEO of consultancy Roq, took aim at CrowdStrike’s poor quality control. “It is imperative that organisations embed quality deeply into their operational psyche and apply it to technology delivery right from the start. By identifying and managing these risks early on, organisations can prevent issues before they impact customers,” he said via email.