In this article
- CRWD
watch now
VIDEO3:4703:47
Major global cyber outage hits airlines, banks and media outlets, impacting millions
Squawk Box Europe
An update by cybersecurity firm CrowdStrike led to a major IT outage on Friday, impacting businesses around the world.
CrowdStrike told NBC that it is in the process of rolling back the update that caused the issue, and later said a fix for the defect had been deployed.
"CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted," CEO George Kurtz said in a statement on X .
"This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed."
He added that customers should refer to the support portal for the latest updates and work with their CrowdStrike representatives through official channels.
Kurtz apologized to those impacted in an interview on the NBC program "TODAY" early Friday.
"I want to start by saying we're deeply sorry for the impact that we've caused to customers, to travelers, to anyone affected by this, including our company," he said.
"The system was sent an update, and that update had a software bug in it and caused an issue with the Microsoft operating system. And now we are working with each and every customer to make sure that we can bring them back online."
Kurtz added that the update was normal and part of the company's routine process to prevent security risks, but noted that an investigation would be required to see what went wrong.
The confirmation came after widespread reports of technical issues, with many Microsoft users around the world facing an error screen known as the "blue screen of death ."
CrowdStrike shares were down about 11% on Friday, while Microsoft was little changed.
VIDEO16:1016:10
Watch CNBC's full interview with CrowdStrike CEO George Kurtz
Squawk on the Street
'A major outage'
Airlines, hospitals and financial services firms were among the many businesses affected.
American Airlines , which describes itself as the world's largest, said a technology issue was affecting "multiple carriers" including American, while the Dutch arm of Air France-KLM said it had been "forced to suspend most" of its operations.
In Great Britain, the Royal Surrey hospital declared a "critical incident" and had to temporarily suspend radiography treatment. The National Health Service in England, meanwhile, said it was experiencing disruptions in the majority of doctors' practices.
Banks and financial companies around the world have reported issues, with German insurance giant Allianz saying it was "experiencing a major outage that is impacting employees' ability to log into their computers. It impacts multiple companies besides Allianz."
NBCUniversal is also being affected by the CrowdStrike outage.
See the latest updates on which companies are affected here.
'unprecedented'
Satnam Narang, senior staff researcher at Tenable, told CNBC on Friday that the outage was having a "profound impact" and was unique in its size and scope.
"The challenge here is that security software — because it's doing its job to protect organizations — it has to have more privileged access to these machines," he said.
"So ... while people may be seeing these as Windows failures, they're looking at it and seeing a little blue screen pop up, it's not actually a Windows issue, it's related to a faulty or bad update from those security software. "
Narang added, "We've never seen anything like this before, it's very unprecedented."
Omer Grossman, CIO at cybersecurity firm CyberArk, said the damage caused by this outage will be "dramatic."
"The glitch is due to a software update of CrowdStrike's EDR product. This is a product that runs with high privileges that protects endpoints. A malfunction in this can, as we are seeing in the current incident, cause the operating system to crash," he said in an emailed comment.
Getting back online is unlikely to be easy, according to Grossman.
"It turns out that because the endpoints have crashed - the Blue Screen of Death - they cannot be updated remotely and this the problem must be solved manually, endpoint by endpoint. This is expected to be a process that will take days," he added .
Disclosure: NBCUniversal is the parent company of NBC and CNBC.
Don’t miss these insights from CNBC PRO
- Berkshire has eliminated 10% of outstanding shares as Buffett values the enduring power of buybacks
- Bank of America strategist says it's time to get bearish
- Morgan Stanley is pounding the table for these stocks, including Apple, ahead of earnings
- ‘Trump trade’ could stall if Biden drops out of race, analyst says
