Partner Program
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and cyber validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them.
IntegrationsSync with over 40+ out-of-the-box integrations.
HiveForce LabsStrategic intelligence and operational expertise to ensure comprehensive security readiness at all levels.
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Security Control Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Data Sheets
Whitepapers
Press Releases
connect
Webinars & Videos
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoStart Free Trial
Platform
Platform
Comprehensive Threat Exposure Management Platform
Uni5 Xposure PlatformUni5 Xposure leverages exposure assessment and cyber validation to deliver a unified view of your cyber risks and all actionable pathways to resolve them.
IntegrationsSync with over 40+ out-of-the-box integrations.
HiveForce LabsStrategic intelligence and operational expertise to ensure comprehensive security readiness at all levels.
Solutions
Solutions
By Use Case
Total Attack Surface Management
Multi-Environment Security Scanners
Complete Exposure Assessment
Comprehensive Security Intelligence
Vulnerability & Threat Prioritization
Security Control Validation
By Role
CISO
Vulnerability Management
Security Operations
DevOps
Industry
Industry
Telecommunications
Healthcare
Financial Services
Government & Public Sector
Retail & E-Commerce
Educational Institutions
Resources
Resources
Advisories & Digests
Threat Advisories
Threat Digests
Content Library
learn
Blog
Data Sheets
Whitepapers
Press Releases
connect
Webinars & Videos
Company
Company
About Us
Careers
Our Leadership
Contact Us
Book a DemoStart Free Trial
July 19, 2024

Global IT Outage Causes Travel and Service Chaos: A Comprehensive Overview

A massive IT outage is sending shockwaves across the globe, leading to significant disruptions in travel, banking, and healthcare services. The chaos originated from two distinct issues: a misconfiguration that caused a Microsoft Azure service outage and a defective update in Crowdstrike’s Falcon antivirus software, designed to protect Microsoft Windows devices from malicious attacks.. This incident exposes the impact of vulnerabilities present in our interconnected digital world and further highlights our critical dependence on IT systems across various sectors. More below.

What Caused the Outage?

The problems began on Thursday, July 18, 2024, at 5:56 p.m. Eastern Time when a “defect” in a “content update” for Microsoft Windows devices from Crowdstrike caused widespread crashes. George Kurtz, the CEO of Crowdstrike, acknowledged the issue, stating that it was not a security incident or cyberattack but rather a technical fault. The faulty update led to significant disruptions in Microsoft 365 services and other Windows-dependent operations.

Microsoft’s Azure cloud platform also experienced issues, further complicating the situation. A configuration change within Azure caused interruptions between storage and compute resources, leading to connectivity failures that affected downstream services. This compounded the effects of the Crowdstrike update, causing even more widespread outages.

Impact on Travel and Transportation

The travel industry was one of the hardest hit by the outage. Major U.S. airlines, including American Airlines, United, and Delta, grounded flights early Friday, July 19, 2024, due to the IT issues. Airports across the world, from Sydney to London and Tokyo, reported significant delays and cancellations. According to FlightAware, over 2,100 flights were canceled, and more than 22,000 flights were delayed globally by 9 a.m. Eastern Time.

Scenes of chaos unfolded in airports worldwide, with long lines and frustrated passengers. In the U.S., the Federal Aviation Administration (FAA) reported that several airlines requested ground stops, exacerbating the delays. European airports like London’s Gatwick and Amsterdam’s Schiphol also faced severe disruptions, with many flights canceled or delayed.

Impact on Healthcare and Emergency Services

Healthcare systems around the world were significantly disrupted. In the UK, the National Health Service (NHS) reported widespread IT issues affecting GP practices and appointment systems. Hospitals in Israel and Germany canceled elective procedures and switched to manual processes, affecting patient care but not emergency services.

Emergency services in several U.S. states, including Alaska and Arizona, experienced outages in their 911 call centers. These critical disruptions forced emergency responders to find alternative communication methods, adding to the strain on their resources.

Broader Business and Financial Implications

The financial sector also felt the impact of the outage. Major banks in Australia, New Zealand, and the UK reported disruptions. Payment systems in supermarkets and other retail outlets were affected, forcing many businesses to revert to cash-only transactions. The London Stock Exchange experienced issues with its news service, although trading continued as normal.

Globally, businesses dependent on Microsoft 365 services and Azure experienced significant disruptions. From supermarkets in Australia to large container terminals in Poland, the outage hampered operations and caused logistical nightmares.

Crowdstrike & Microsoft’s Path to Stability

Crowdstrike quickly acknowledged the issue and deployed a fix. However, the recovery process is complex and time-consuming. Each affected machine requires a manual reboot in safe mode, the deletion of a specific file, and then a normal restart. This process poses a significant challenge for IT departments worldwide, particularly for large organizations with thousands of affected devices. Crowdstrike has been working tirelessly to assist customers in implementing these fixes. The company emphasized that the issue was confined to Windows hosts and did not impact Mac or Linux systems. The problematic update has been reverted, and Crowdstrike has provided detailed instructions for IT professionals to resolve the issues on individual devices.


Microsoft too acknowledged the Azure service outage on July 19, 2024, caused by a problematic configuration change. It took approximately five hours to revert to the previous stable configuration, with services beginning to recover by 06:28 UTC. During this time, affected organizations had to switch to manual operations and activate their Business Continuity Plans (BCP) to maintain critical functions.

Government and Industry Reactions

The scale of the outage prompted swift reactions from governments and industry leaders. In the U.S., President Biden was briefed on the situation, and the White House coordinated with Crowdstrike and other affected entities. The UK’s government held an emergency COBR meeting to address the crisis, underscoring the widespread impact and urgency of the situation.

On Friday morning, July 19, 2024, at 6:46 a.m. Eastern Time, Microsoft stated that “the underlying cause has been fixed, however, residual impact is continuing to affect some Microsoft 365 apps and services.” The company continued to work on additional mitigations to provide relief to affected users.

Technical Details and Workaround

The flawed update involved Crowdstrike’s Falcon Sensor software, which is critical for scanning computers for viruses and other malicious attacks. The problematic file, “C-00000291*.sys,” caused Windows devices to experience a bug check or blue screen error, leading to system crashes. Crowdstrike identified and isolated the issue, deploying a fix and reverting the problematic update.

To resolve the issue, Crowdstrike recommended a manual process to reboot each computer in safe mode, delete the faulty file, and restart the system. This workaround is necessary because there is no automated solution to apply the fix at scale. Security experts noted that while the process is relatively simple, it requires significant manpower and technical expertise, posing a substantial challenge for organizations with large numbers of affected devices.

Long-term Implications

This global IT outage serves as a stark reminder of the fragility and interdependence of modern digital infrastructure. The incident proved the need for more robust safeguards and contingency plans to prevent such widespread disruptions in the future. The economic and operational fallout from this outage will likely prompt renewed scrutiny and calls for accountability in the tech industry, pushing for higher standards and more stringent testing protocols for critical software updates.

The outage also highlights the limited liabilities faced by software companies for such massive disruptions. Until there are significant economic and legal consequences for releasing faulty updates, the incentive to ensure more rigorous testing and safeguards remains low. This incident may serve as a catalyst for regulatory changes aimed at enhancing the accountability of software providers.

While the immediate technical issues are being addressed, the global IT outage of July 18-19, 2024, has already left a strong mark on the digitally interconnected world. The interdependence of modern technology systems means that a single point of failure can cascade into a global crisis, affecting millions of people and critical services worldwide. This event should prompt a reevaluation of how we manage and secure our digital infrastructure, ensuring that we are better prepared for future incidents. As more develops, we will keep our audience informed here. For current remediation guidance and more from Crowdstrike, please visit Crowdstrike’s statement here.

Updates

July 22, 2024

In a late Friday update, CrowdStrike identified a “logic error” in a sensor configuration update to Falcon as the cause of the outage. This error, triggered shortly after midnight EST on Friday, led to system crashes and blue screens on impacted systems. CrowdStrike continues to work diligently to address the issue and provide timely updates to its customers.

CrowdStrike issued a public apology, acknowledging the severity of the situation and the inconvenience caused. The company emphasized its commitment to ensuring the security and stability of its customers by fully mobilizing its team.

Microsoft disclosed that 8.5 million Windows devices were affected by the defective CrowdStrike update, representing less than 1 percent of all Windows systems. Despite this relatively small percentage, the incident had broad economic and societal impacts due to the critical services run by enterprises using CrowdStrike. Delta Airlines, one of the hardest-hit companies, reported over 3,500 canceled flights on Friday and Saturday, with cancellations continuing into Sunday as the airline worked to restore normal operations.

To assist with the recovery, CrowdStrike launched a “Remediation and Guidance Hub” providing technical details and important areas for IT professionals to focus on, such as identifying impacted hosts and recovering cloud-based environments. Additionally, the company tested a new technique to accelerate system remediation, encouraging customers to opt-in for this faster recovery process. Microsoft also released a free tool to help IT administrators expedite recovery from the blue screen of death, offering two main repair options for virtual machines inside Azure.

Recent Resources

Dive into our library of resources for expert insights, guides, and in-depth analysis on maximizing Uni5 Xposure’s capabilities

Blog
Blog
Global IT Outage Causes Travel and Service Chaos: A Comprehensive Overview
A massive IT outage is sending shockwaves across the globe, leading to significant disruptions in travel, banking, and healthcare services.
Blog
Blog
Paris Olympics 2024: Securing The Games
The Rising Cyber Threats In recent years, the threat of cyberattacks has grown exponentially, affecting the sports sector as well.
Blog
Blog
Unmasking ArcaneDoor: A Cyber Espionage Surge Against Critical Infrastructure
Discovery of a Digital Breach Even our most sensitive governmental and infrastructural data is not guaranteed safe. A new breach
One Unified API The Future of Security Data Management with Uni5 Xposure
Blog
Blog
One Unified API: The Future of Security Data Management with Uni5 Xposure
Picture yourself as a security analyst in the midst of navigating the complex landscape of your organization’s cybersecurity. Your daily
Building Stronger Partnerships Why Threat Exposure Management (CTEM) Matters (1)
Blog
Blog
Building Stronger Partnerships: Why Threat Exposure Management (CTEM) Matters
The enterprise digital landscape is too large to simply manage. Gone are the days of securing just a physical network
Key Terms of Exposure Management What You Need to Know
Blog
Blog
Key Terms of Exposure Management: What You Need to Know
Keeping pace with the latest terminology and acronyms in cybersecurity can feel like trying to drink from a firehose. Individuals
Blog
Blog
The NVD Disruption: Navigating Through Uncertainty in Cybersecurity
In recent weeks, a significant disruption has unfolded at the US National Institute of Standards and Technology (NIST), impacting its
Blog
Blog
LockBit Takedown and Resurgence
What Happened? In a coordinated effort by National Crime Agency, Europol and multiple other internation law enforcement agencies dealt a

Book a demo and find out more about how Hive Pro can double your operational efficiency

Book a Demo