Microsoft outages caused by CrowdStrike software glitch paralyze airlines, other businesses. Here's what to know.

How the CrowdStrike glitch crippled operations across the globe

Banks, airlines, television networks and health systems around the world that rely on Microsoft 365 apps were hit by widespread outages early Friday linked to the company CrowdStrike. Thousands of flights and train services were canceled globally, including more than 1,800 in the U.S., and there were disruptions to many other public and retail services. 

Here's what we know about the outages:

What caused the global Microsoft outages?

The issue was caused by a technical problem that global cybersecurity firm CrowdStrike said it had identified in its software and was working to resolve. CrowdStrike provides antivirus software to Microsoft for its Windows devices.

"Earlier today, a CrowdStrike update was responsible for bringing down a number of IT systems globally," Microsoft said in a statement to CBS News. 

Later on Friday, Microsoft said on social media that it had "completed our mitigation actions and our telemetry indicates all previously impacted Microsoft 365 apps and services have recovered. We're entering a period of monitoring to ensure impact is fully resolved."

In a statement, CrowdStrike CEO George Kurtz said the issue had been identified and a solution was being implemented. He added that "this is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed."

Long lines of passengers form at check-in counters at Ninoy Aquino International Airport amid a global IT disruption caused by a Microsoft outage and a CrowdStrike problem July 19, 2024, in Manila, Philippines. Ezra Acayan/Getty Images

In an update shared Friday afternoon on social media, Kurtz again apologized to those impacted and said he was committed "to provide full transparency on how this occurred and the steps we're taking to prevent anything like this from happening again."

What has been affected by the Microsoft outages?

Over 3,000 flights had been canceled within, into or out of the U.S. as of Friday night, and more than 11,400 others were delayed, according to the flight tracking service, FlightAware. Globally, more than 42,000 flights were delayed Friday. 

American Airlines, Delta Air Lines, and United Airlines resumed at least some flight departures later Friday morning after pausing operations earlier in the day due to the outages. 

"We have recovered our operation today and expect to deliver a reliable operation for our customers tomorrow," American Airlines said in a statement Friday evening. 

And Toby Enqvist, chief operations officer for United Airlines, said in a statement late Friday night that "while we had to cancel and delay far more flights than we ever want to, we are poised to return to a near-normal operation on Saturday."

A timelapse shared by the Federal Aviation Administration showed flights resuming Friday afternoon.

Brigham and Women's Hospital in Boston canceled all previously scheduled surgeries and medical visits that were not considered urgent because many of the computer systems were down, preventing access to vital digital records.

"We do everything on our computers now," neuro ICU nurse Meghan Mahoney told CBS News. "…People's medical history, their allergies. So when that goes down, we have to revert back to paper charting."

Memorial Sloan Kettering Cancer Center in New York City postponed all procedures requiring anesthesia. Emory Healthcare system in Atlanta delayed certain types of surgeries. Seattle Children's Hospital closed its outpatient clinic.  

The Department of Health and Human Services said on Friday afternoon it was "working to assess the impact of the CrowdStrike outage on patient care and HHS systems, services, and operations."   

A Department of Homeland Security memo to staff obtained by CBS News said that "DHS systems are currently impacted by a global outage of the cybersecurity software CrowdStrike. This is impacting many businesses globally, as you may be seeing in the news. This was not a cyberattack."  

Portland, Oregon Mayor Ted Wheeler issued an Emergency Declaration for the city on Friday. The declaration will allow for "immediate response and resources to get city systems back to fully operational levels." In New York City, Mayor Eric Adams said the outage did not have a major impact on city operations because of previous drills that had been conducted to educate officials on how to respond to an IT issue. 

In Europe, Lufthansa, KLM and SAS Airlines reported disruptions. Switzerland's largest airport reported planes had not been allowed to land, according to CBS News partner network BBC News. In India, at the country's primary airport in Delhi, everything was being done manually. No electric check-in terminals were functioning and gate information was being updated by hand on a whiteboard, the BBC reported.

Hospitals in Germany said they were canceling elective surgeries Friday and doctors in the U.K. said they were having issues accessing their online booking system. Pharmacists in the U.K. said there were disruptions with medicine deliveries and accessing prescriptions. 

United Airlines employees wait by a departures monitor displaying a blue error screen inside Terminal C at Newark International Airport, after United and other airlines grounded flights due to a worldwide tech outage caused by an update to Crowdstrike's "Falcon Sensor" software that crashed Microsoft Windows systems, in Newark, New Jersey, U.S., July 19, 2024. Bing Guan/REUTERS

The Federal Bureau of Investigation said there were no operational problems related to the outage, though some of its systems had been affected. Those systems have workarounds that allow their use even amid the outage. 

The London Stock Exchange said it had experienced disruptions to its regulatory news service, but that trading had not been impacted. A spokesperson for the New York Stock Exchange said markets were fully operational and a normal opening was expected.

Starbucks said the outage was preventing customers from using its mobile ordering features. Delivery companies like FedEx also reported that some packages could be delayed due to the outages.

"FedEx has activated contingency plans to mitigate impacts from a global IT outage experienced by a third party software vendor. However, potential delays are possible for package deliveries with a commitment of July 19, 2024," the company said in a statement.

When will the Microsoft outages be fixed?

Even with the fix being implemented by CrowdStrike, some of the problems caused will likely take time to solve, Chief Information Officer at identity security firm CyberArk, Omer Grossman, told Reuters. He said the reason is that the problem has to do with Endpoint Detection and Response (EDR) products that run on individual client computers.

"It turns out that because the endpoints have crashed — the Blue Screen of Death — they cannot be updated remotely and the problem must be solved manually, endpoint by endpoint. This is expected to be a process that will take days," Grossman said.

In an interview with CNBC, CrowdStrike's Kurtz said many of the affected systems were already beginning to recover, and a fix could be as straightforward for some clients as rebooting their computers or servers.

He acknowledged, however, that "some systems may not fully recover, and we're working individually with each and every customer to make sure we can get them up and running and operational." 

Kurtz did not provide a timeframe, and it appeared that many companies and organizations around the world would have to rely on their own technology departments to get systems back up and running.

Kris Van Cleave contributed to this report. 

f

We and our partners use cookies to understand how you use our site, improve your experience and serve you personalized content and advertising. Read about how we use cookies in our cookie policy and how you can control them by clicking Manage Settings. By continuing to use this site, you accept these cookies.