Microsoft Windows Update Causes Global IT Outage, Resulting in Flight Cancellations and Delays: A Look at the Root Cause and Impact on Airlines

United States of America
Channel File 291 update triggered system crash on impacted systems running Falcon sensor for Windows version 7.11 and above
Defective update for Microsoft Windows hosts identified as root cause by CrowdStrike
Delta Air Lines issued waiver allowing passengers to rebook flights without fees
Impacted software named Falcon controls how Falcon evaluates named pipe execution on Windows systems
Logic error in Channel File 291 resulted in operating system crash instead
Microsoft Windows update caused global IT outage on July 19, 2024
Multiple airlines affected including United Airlines, Delta Air Lines, and American Airlines
Named pipes used for communication in Windows, update targeted malicious named pipes in cyberattacks
Over 980 flights canceled and nearly 1,400 delays as of July 20, 2024 at 9 a.m. ET
United Airlines and Spirit Airlines also allowed customers to change flights at no extra charge
Microsoft Windows Update Causes Global IT Outage, Resulting in Flight Cancellations and Delays: A Look at the Root Cause and Impact on Airlines

On July 19, 2024, a global IT outage caused widespread disruption across various industries, resulting in numerous flight cancellations and delays. The root cause of the issue was identified as a defective update for Microsoft Windows hosts by CrowdStrike, a cybersecurity firm. This update triggered a system crash on impacted systems running Falcon sensor for Windows version 7.11 and above.

The affected software, named Channel File 291, controls how Falcon evaluates named pipe execution on Windows systems. Named pipes are used for communication in Windows and the update targeted newly observed, malicious named pipes being used by common C2 frameworks in cyberattacks. However, the logic error in Channel File 291 resulted in an operating system crash instead.

The outage affected multiple airlines such as United Airlines, Delta Air Lines, and American Airlines. As of July 20, 2024 at 9 a.m. ET, there were over 980 flights canceled and nearly 1,400 delays.

Delta Air Lines issued a waiver allowing all passengers traveling on July 19 to rebook their flights without additional fees. United Airlines also issued a waiver for select airports, while Spirit Airlines allowed customers to change their flights at no extra charge.

The Federal Aviation Administration (FAA) and the Department of Transportation (DOT) have rules regarding controllable delays by the airlines. Passengers affected by these cancellations or delays should contact their respective airlines for compensation policies.



Confidence

90%

Doubts
  • Is it confirmed that only Falcon sensor for Windows version 7.11 and above was affected by the update?
  • Were there any other contributing factors to the IT outage besides the Microsoft Windows update?

Sources

95%

  • Unique Points
    • On July 19, 2024 at 04:09 UTC, CrowdStrike released a sensor configuration update that caused a system crash on impacted Windows systems.
    • The issue was not related to a cyberattack.
    • Customers running Falcon sensor for Windows version 7.11 and above, that were online between July 19, 2024 04:09 UTC and July 19, 2024 05:27 UTC, may have been impacted.
    • The issue was caused by a logic error in Channel File 291 which controls how Falcon evaluates named pipe execution on Windows systems.
    • Named pipes are used for communication in Windows and the update targeted newly observed, malicious named pipes being used by common C2 frameworks.
    • Channel File 291 has been corrected and no additional changes will be made to it.
    • Falcon is still evaluating and protecting against the abuse of named pipes.
    • Customers can find remediation recommendations on the blog or in the Support Portal.
  • Accuracy
    • A global IT outage occurred on July 20, 2024.
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (100%)
    None Found At Time Of Publication
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

89%

  • Unique Points
    • A global IT outage on Friday caused widespread flight cancellations and delays, leaving thousands of passengers stranded.
    • The cybersecurity firm Crowdstrike identified a defect in an update for Microsoft Windows hosts as the cause of the outage.
    • There were over 980 flights canceled and nearly 1,400 delays as of 9 a.m. ET Saturday.
    • Delta issued a waiver allowing all passengers traveling Friday to rebook their flights.
    • United issued a waiver for select airports, and Spirit issued a waiver allowing customers to change their flights at no additional charge.
  • Accuracy
    • The cause of the outage was a defect in an update for Microsoft Windows hosts.
    • The issue was not related to a cyberattack.
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (75%)
    The article contains a few inflammatory rhetorical statements and uses an authoritative source to provide information without explicitly endorsing their viewpoint. It also makes generalizations about the aviation industry's reliance on timings without providing specific examples or sources.
    • . . . leaving thousands of passengers stranded and frustrated.
    • The aviation sector was hit particularly hard due to its sensitivity to timings.
    • Customers can ask airlines why their flight is canceled or delayed, but the Department of Transportation confirmed that it considers the delays and cancellations caused by Friday's IT outage to be 'controllable' by the airlines.
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication

92%

  • Unique Points
    • The cause of the outage was a failed Windows update sent by CrowdStrike to its customers.
    • CrowdStrike seemed unprepared for the issue caused by their own software.
  • Accuracy
    • A global software outage occurred on July 20, 2024.
  • Deception (100%)
    None Found At Time Of Publication
  • Fallacies (100%)
    None Found At Time Of Publication
  • Bias (100%)
    None Found At Time Of Publication
  • Site Conflicts Of Interest (100%)
    None Found At Time Of Publication
  • Author Conflicts Of Interest (100%)
    None Found At Time Of Publication