What is causing the IT outage at Microsoft, which is paralyzing flights, banks and trains around the world?

    A large-scale computer failure has grounded planes, taken TV channels offline and left much of the world's infrastructure inoperable.

    Cybersecurity experts said the outage was “unprecedented” in scale, affecting many of the world's largest companies.

    The cause of the problems initially remained a mystery: Windows computers displayed a blue screen (BSOD), as if they had spontaneously stopped working.

    But as the outage extended into Friday, the cause of the problems became clearer.

    The issue appears to be related to a faulty update from cybersecurity firm CrowdStrike, which appears to have been installed overnight, causing computers to fail to boot properly.

    The company has since rolled back the update, but that doesn't fix the computers that were already affected by the problems.

    Representatives have provided a workaround that involves booting the computer into a special mode and then deleting the problematic file. However, this requires administrators to have access to each affected computer, which can be difficult if the machines are used remotely.

    CrowdStrike has said it is “aware of reports of crashes on Windows… related to the Falcon sensor.” Falcon is a piece of software that monitors computers, looking for anyone trying to break in.

    To do that, extensive access to the core components of the computer is needed. That means any bugs in the software could have a widespread and profound impact — as the world discovered on Friday.

    Callers to the company's technical support line were met with a recorded phone message saying the company was aware of issues Friday morning. CrowdStrike advised affected customers to log into its customer service portal for assistance.

    Toby Murray, an associate professor in the School of Computing and Information Systems at the University of Melbourne in Australia, said it was possible that a “buggy” update to one of the products from global cybersecurity company CrowdStrike was the cause of the global outage.

    “CrowdStrike Falcon is associated with this widespread outage,” he said.

    “CrowdStrike is a global cybersecurity and threat intelligence company. Falcon is what’s known as an Endpoint Detection and Response (EDR) platform, monitoring the computers it’s installed on to detect and respond to intrusions — hacks.

    “That means Falcon is a pretty privileged piece of software, because it can influence the behavior of the computers it's installed on.

    “For example, if it detects that a computer is infected with malware that causes it to communicate with an attacker, Falcon could block that communication. If Falcon were to suffer an outage, it could cause a widespread outage for two reasons: first, Falcon is widely deployed on many computers, and second, because of Falcon's privileged nature.

    “Falcon is a bit like anti-virus software: it is regularly updated with information about the latest online threats (so it can better detect them). We have certainly seen anti-virus updates cause problems in the past. It is possible that today’s outage was caused by a buggy update to Falcon.”