The flaw affected hundreds of millions of personal computers and computers that use Microsoft’s Windows operating system, which powers many back-end systems such as those used by airlines, digital payments and emergency services call centers.
CrowdStrike said the issue was not a cyberattack or security incident.
Get caught up in
Stories to keep you up to date
While computer network outages are not uncommon, experts said they were surprised that a software error at one company could spread to so many computer systems. They said it was a double whammy: An error in widely used CrowdStrike software took down computers running mainstream Windows software.
“We’ve never seen a cascading outage like this, probably never have we seen it before,” said Chuck Herrin, an executive at digital security firm F5.
Marie Basek, an associate professor in the computer science department at University College London, said the widespread computer meltdown showed how dependent the world’s technology systems are on software from a small number of companies, including Microsoft and CrowdStrike.
“The problem here is that Microsoft is the standard software that everyone uses, and the CrowdStrike bug was deployed to every system,” she said.
Vasek said technology networks have become so widespread, complex and interconnected that a mistake in a single line of software code is increasingly likely to take down an entire computer network.
She and other information technology experts also said CrowdStrike’s digital protections are deemed essential, so the company’s technology has priority access on many computer systems — that if something goes wrong with CrowdStrike’s software, that privileged access could shut down the computers.
CrowdStrike said in a statement that it is “working with all affected customers to ensure that our systems are restored and we can provide the service they expect.”
Some businesses affected by the CrowdStrike glitch, including banks and emergency service centers, said on Friday they had deployed CrowdStrike’s repaired software and were beginning to recover from the computer network meltdown.
One challenge in recovery is that technicians may need to access back-end computer servers in far-flung data centers to install software updates and reboot machines, Herrin said. He warned that problems with flights, surgeries and payroll systems could persist for days to come.
Vasek said both Microsoft and CrowdStrike needed to review their procedures to prevent such widespread technology outages from happening again.
He said CrowdStrike needed to consider how to securely update its software across a network of millions of computers, and that Microsoft needed to do more to prevent updates to other companies’ software from crippling Windows machines.
“Microsoft needs to figure out how to check that their software is working as it should,” she said.
Microsoft did not directly address the criticism but said in a statement that the company was “actively working to help our customers recover.”
The company also reported outages with some of its popular web-connecting software for business and government technology networks.
It was not immediately clear how much of Friday’s computer network outages were due to flaws in CrowdStrike’s software updates and how much was due to problems that began Thursday with Microsoft’s online services and its enterprise cloud-computing service, Azure.
A Microsoft spokesman said the company doesn’t believe the CrowdStrike software bug was related to the outage that affected “a small percentage of Azure customers.” The issue has been resolved, he said.
This is breaking news and will be updated.