The ongoing Microsoft outage caused through a faulty update by cybersecurity giant CrowdStrike has disrupted several Federal and state and local government (SLG) services nationwide.
The incident – which CrowdStrike CEO George Kurtz clarified is not the result of a cyberattack – has led the Social Security Administration (SSA) offices to close for the day, the agency said on X. The Federal Communications Commission (FCC) also said some states’ 911 services have been disrupted.
The widespread outages – affecting banks, airlines, and other essential sectors worldwide – were caused by a defective update to CrowdStrike’s Falcon security software that was pushed to Windows operating systems by the cyber firm early Friday morning.
The Department of Homeland Security (DHS), alongside the Cybersecurity and Infrastructure Security Agency (CISA), said at 9 a.m. EST that they are “working with CrowdStrike, Microsoft and our federal, state, local and critical infrastructure partners to fully assess and address system outages.”
CISA advised everyone experiencing the outage to “be aware of phishing campaigns and other malicious activity” as the agency has “observed threat actors taking advantage of this incident.”
“CISA urges organizations and individuals to remain vigilant and only follow instructions from legitimate sources,” the agency said just before 12:30 p.m. EST. “CISA recommends organizations to remind their employees to avoid clicking on phishing emails or suspicious links.”
CrowdStrike’s Kurtz said just before 6 a.m. EST that the “issue has been identified, isolated and a fix has been deployed.”
“Today was not a security or cyber incident. Our customers remain fully protected,” Kurtz said in an 11 a.m. EST update on X. “We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on.”
CISA Director Jen Easterly said the agency is working “aggressively” with CrowdStrike and its Federal, SLG, and critical infrastructure partners to assess impacts and support remediation. “We’ll share more as it becomes available,” she said.
Thousands of Windows machines worldwide experienced the “Blue Screen of Death” – which caused PCs and servers to enter a recovery boot loop, preventing them from starting properly. Impacted services included Microsoft Teams and Microsoft 365 admin center.
Just before 6 a.m. EST, the Federal Aviation Administration (FAA) said that it was “monitoring a technical issue impacting IT systems at U.S. airlines” and that several airlines “have requested FAA assistance with ground stops until the issue is resolved.”
FAA noted that its own operations were not impacted by the global IT outage, but that ground stops and delays will be “intermittent at various airports as the airlines work through residual technology issues.”
The FCC said it is aware of reports of a systems outage causing disruptions in service, including 911. The issue impacted emergency services in several states, including Alaska, Arizona, Indiana, Minnesota, New Hampshire, and Ohio.
“We’re working closely with other federal agencies to provide assistance and determine the extent of these service disruptions,” the FCC said.
Department of Veterans Affairs (VA) Press Secretary Terrence Hayes said that, at this time, VA “is not aware of any impact on health care operations or any adverse impact on Veterans who get their care from VA.”
“We will continue to monitor this situation, and we encourage any Veterans who need support – including those who may be impacted by challenges at non-VA health care facilities – to call 1-800-MYVA411 or visit their local VA medical center for assistance,” Hayes said. “We are standing by and ready to help.”
A Pentagon spokesperson said that, for operational security reasons, the agency does not comment on the status of its network, but is “aware of the reporting and personnel are monitoring our networks for possible impacts.”
A White House official told a pool reporter that President Biden “has been briefed on the CrowdStrike outage and his team is in touch with CrowdStrike and impacted entities. His team is engaged across the interagency to get sector by sector updates throughout the day and is standing by to provide assistance as needed.”
Rep. Adriano Espaillat, D-N.Y., said on X that his office is closely monitoring the global outage related to CrowdStrike systems and the direct impact to state and Federal operations.
“While there has been no direct impact to NYC agencies and emergency operations, I am urging an investigation into the causes behind this incident to prevent further and future disruption,” he said.