Update from Cybersecurity Company Crowd Strike It caused a major IT outage on Friday, affecting businesses around the world.
CrowdStrike told NBC that it was in the process of rolling back the update that caused the issue, and later said a fix for the bug had been posted.
“CrowdStrike is actively working with customers affected by a flaw found in a single content update for Windows hosts. Mac and Linux hosts are not affected,” CrowdStrike CEO George Kurtz said in a statement on X.
“This is not a security incident or cyber attack. The issue has been identified, isolated, and a fix has been deployed.”
He added that customers should refer to the support portal for the latest updates and work with CrowdStrike representatives through official channels.
Kurtz apologized to those affected in an interview on NBC's “TODAY” show early Friday.
“I want to start by saying that we are deeply sorry for the impact this has caused to customers, travelers and anyone affected by this, including our company,” he said.
“A system update was sent out, and that update had a software bug that caused an issue with Microsoft’s operating system. We are now working with each customer individually to make sure we can get it back up and running.”
Kurtz added that the update was normal and part of the company's routine process to prevent security risks, but he noted that an investigation is needed to find out what went wrong.
The confirmation came after widespread reports of technical issues, with many Microsoft Users all over the world are facing an error screen known as the “Blue Screen of Death”.
CrowdStrike shares fell about 11% on Friday, while Microsoft shares were little changed.
“major outage”
Airlines, hospitals and financial services companies were among the many businesses affected.
American Airlines American Airlines, which describes itself as the world's largest, said a technical problem affected “multiple airlines” including American Airlines, while the Dutch arm of Air France-KLM said it had “had to suspend most” of its operations.
In Great Britain, the Royal Surrey Hospital declared a “serious incident” and had to temporarily suspend radiotherapy. Meanwhile, the National Health Service in England said it was experiencing disruptions at most doctors’ surgeries.
Banks and financial companies around the world reported problems, with German insurance giant Allianz saying it was “experiencing a major outage affecting employees' ability to log into their computers. It also affects many companies besides Allianz.”
NBCUniversal is also affected by the CrowdStrike outage.
You can see the latest updates on affected businesses here.
'Unprecedented'
The outage had a “profound impact” and was unique in its size and scope, Satnam Narang, a senior researcher at Tenable, told CNBC on Friday.
“The challenge here is that security software — because it does its job of protecting organizations — needs to have more access to these devices,” he said.
“So… while people might see these issues as a Windows failure, they look at it and they see a little blue screen appearing, and it's actually not a Windows problem, it's a bad or faulty update of those security software.”
“We have never seen anything like this before, it is completely unprecedented,” Narang added.
The damage from the outage would be “dramatic,” said Omar Grossman, CTO of cybersecurity firm CyberArk.
“The vulnerability is due to a software update to CrowdStrike’s EDR product,” he said in an emailed comment. “It is an elevated privileged product that protects endpoints. A flaw in this product, as we see in the current incident, can lead to an operating system crash.”
Getting back online is unlikely to be easy, Grossman said.
“It turns out that due to the endpoints being down – the blue screen of death – they cannot be updated remotely and this issue has to be resolved manually, endpoint by endpoint. This process is expected to take days,” he added.
Disclosure: NBCUniversal is the parent company of NBC and CNBC.