CrowdStrike’s Role In the Microsoft IT Outage, Explained

The major Microsoft IT outage on Friday that grounded flights, sent TV stations off air, and disrupted online hospital systems has been linked to a third party—a cybersecurity Technology firm named CrowdStrike. 

CrowdStrike’s CEO George Kurtz has spoken out about the outage, apologizing for the disruption caused. 

As the fallout from the event continues to impact people worldwide, here’s a breakdown of how exactly CrowdStrike is involved and what transpired.

Read More: How to Protect Yourself From Scams Following the CrowdStrike Microsoft IT Outage

What caused the Microsoft outage? 

Early Friday, companies in Australia running Microsoft’s Windows operating system started reporting devices showing, what is commonly referred to as, “blue screens of death.” According to Microsoft’s website, this happens “if a serious problem causes Windows to shut down or restart unexpectedly.”

These disruptions then spread rapidly, impacting companies and communities around the world. The U.K., India, Germany, the Netherlands, and the U.S., reported disruptions. Meanwhile,  United, Delta, and American Airlines issued a “global ground stop” on all flights.

The cause of this outage came from a faulty update from CrowdStrike, deployed to computers running Microsoft Windows. The issue was specifically linked to Falcon, one of the companies main products, which does not impact Mac or Linux operating systems.

Launched in 2012 CrowdStrike’s cybersecurity software is now used by 298 of Fortune 500 companies, including banks, energy companies, Healthcare companies, and food companies.

According to David Brumley, professor of electrical and computer engineering at Carnegie Mellon University, this was a perfect storm of issues. “Their code is buggy, and it was sitting there as a ticking time bomb,” Brumley says.

He says there are three steps cybersecurity teams should typically implement when rolling out an update. First, there should have been rigorous software testing to catch bugs; second, there should have been testing on different types of machines; and third, the roll out should have been slow with smaller sets of users to screen for negative ramifications.

“Companies like Google will roll out updates incrementally so if the update is bad, at least it will have limited damage,” says Brumley, adding that the issue may only get more pronounced.

 “What we’re seeing and what we’ll continue to see is a huge consolidation in the cybersecurity department, and that’s why we're seeing so many people affected at once,” says Brumley. “We need to be asking, ‘What choices can we give people if companies mess up?’”

How has CrowdStrike responded to the outage felt worldwide?

Appearing via a video link on The Today Show on Friday, CrowdStrike’s CEO delivered an apology to the public:

“We're deeply sorry for the impact that we've caused to customers, to Travelers, to anyone affected by this, including our companies,” Kurtz said. “That update had a software bug in it and caused an issue with the Microsoft operating system...we identified this very quickly and remediated the issue.”

Kurtz was clear that this was not a cybersecurity issue nor an attack of any kind, but an issue coming from inside the company.

Though they’ve deployed the changes necessary to help remedy the issue, customers are still having issues, and it may be some time before systems across the globe are all fully operational.

In a statement emailed to TIME, CrowdStrike said that they are “actively working with customers impacted by a defect found in a single content update for Windows hosts.”

They also clarified, once more, for those concerned that the issue is not a security incident, and that the problem has been “identified, isolated, and a fix has been deployed.”

Kurtz has also shared this information on his personal X (formerly Twitter) account.

According to Forbes, Kurtz’s net worth had dropped $300 million as of Friday afternoon—from $3.2 billion to $2.9 billion–amid fallout from the IT outage.The CEO’s wealth is enmeshed with CrowdStrike shares, which dropped drastically following the incident. 

On The Today Show segment, Kurtz said that CrowdStrike has been on the phone with customers all night, and that the issue was resolved for many when they rebooted their systems.However, he says the company will not “relent until we get every customer back to where they were and keep the bad guys out of their systems.”

If hosts are still crashing and unable to stay online to download CrowdStrike’s fix, the company has provided a workaround to the issue on its blog.

How has Microsoft responded to the IT outage?

On Thursday night, Microsoft 365 posted on X that the company was “working on rerouting the impacted traffic to alternate systems to alleviate impact” and that they were “observing a positive trend in service availability.”

As the disruption continued on Saturday, David Weston, Vice President of Enterprise and OS Security at Microsoft, published a blog post titled, “Helping our customers through the CrowdStrike outage.”

In the blog post, Weston said that Microsoft estimates “CrowdStrike’s update affected 8.5 million Windows devices, or less than one percent of all Windows machines.” Still, he goes on to say that the outage “demonstrates the interconnected nature of our broad ecosystem—global cloud providers, software platforms, security vendors and other software vendors, and customers.”

Weston also stated that Microsoft is “working around the clock” to help customers. He referenced the steps they are taking with CrowdStrike to mediate the effects of the outage, the company’s own post demonstrating manual fixes of the issue. Customers can also track the status of the incident through the “Azure Status Dashboard.”

TIME has reached out to Microsoft 365 for further comment.