Several critical services went down last night after security company CrowdStrike tried to update its systems. Among those affected are various airlines as well as government agencies globally.
The problems are clearly global in nature, arising in places as far apart as Australia and the Netherlands. Dutch outlet De Telegraaf reports that flights to and from Schiphol Airport, a European hub, may be affected. The Dutch flag-carrier KLM Royal Dutch Airlines has also been affected, preventing the company from handling flights properly. However, Air Traffic Control’s systems are working.
Uncertainty about exact cause
The cause is CrowdStrike: an update of its software caused a blue screen of death. The company’s Falcon security platform is used by many around the globe to protect their Windows systems. “Our engineers are actively working to resolve this issue and there is no need to open a support ticket,” CrowdStrike announced.
By now, there seem to be enough indications that the problem, at least, is not caused by a cyber attack.
The sensor in question runs on a Windows machine to detect potential threats. It is a lightweight piece of software that requires little processing power. If it detects a threat, it automatically blocks it. To equip the sensor with new techniques and thus detect new threats, it needs to be updated regularly. CrowdStrike does this automatically, and that automatic update seems to have caused last night’s outages.
Although CrowdStrike has indicated it is investigating, the support page where updates about the problem are posted is not publicly accessible. This is highly undesirable in this case. While CrowdStrike users can access it by logging in, the broad impact of the outage means the updates are relevant to everyone. Customers of affected airlines, for example, are also entitled to this information.
Air traffic affected globally
Several airports and airlines are temporarily grounding aircraft. Many of the problems appear to have a U.S. origin. Initially, Frontier Airlines decided to ground planes for hours last night and cancel flights. Booking, check-in and access to boarding passes were impossible for some passengers due to the outage.
Later in the night, Frontier’s operations were restarted. At first, Microsoft was considered a possible cause because of a cloud services outage. Microsoft traced the cause to the central-U.S. region. That explains why other airlines were also affected, including KLM partner Delta, United Airlines, American Airlines, Allegiant Air and Sun Country Airlines. It appears the Microsoft issue has been fixed, according to security researcher Kevin Beaumont. He states on X that CrowdStrike is the cause of the global outage.
Berlin Airport and other international air hubs have since announced they are also affected by the outage.
Banks, schools and media are also affected by the outage.
This post will be added to as the story unfolds.