Date: 2024-07-19

A widespread Microsoft outage linked to cybersecurity firm CrowdStrike disrupted San Diego County public agencies and flights at the San Diego International Airport Friday.

The website Downdetector, which tracks user-reported internet outages, recorded growing outages in services at Visa, ADT security and Amazon, and major U.S. carriers including Delta and United.

The same outage was affecting services locally, including the airport, the San Diego County Sheriff's Department and the San Diego County Superior Court.

CrowdStrike CEO George Kurtz posted on social media platform X that the company “is actively working with customers impacted by a defect found in a single content update for Windows hosts.”

He added the incident is not security-related or a cyberattack.

“The issue has been identified, isolated and a fix has been deployed.”

The issue affected Microsoft 365 apps and services, and escalating disruptions continued hours after the technology company said it was gradually fixing it.

Microsoft 365 posted on X that the company was “working on rerouting the impacted traffic to alternate systems to alleviate impact in a more expedient fashion” and that they were “observing a positive trend in service availability.”

Here's what's affected in San Diego:

San Diego International Airport

The airport had about 73 delays and 15 cancellations by 8 a.m. Monday, affecting nearly every airline, according to the flight tracking website FlightAware.

"Due to a number of flight delays, SAN passengers should check with their airlines before coming to the airport today," the airline said in a post on X.

While the airport didn't point to the global outage as a cause for delays, several airlines across the county reported being affected.

The FAA said the airlines United, Delta and Allegiant had all been grounded. American Airlines lifted its ground stop just after 2 a.m. PT, saying they were able to "safely re-establish operations."

FlightAware reports nearly 1,000 flights canceled and over 12,000 more delayed across the country.

An earlier ground stop for Frontier Airlines was lifted just after midnight, and the carrier said they had resumed normal operations, for now.

Currently, Southwest Airlines and Frontier appeared to be operating normally.

MTS

San Diego's transit system said there may be delays in scheduled services as a secondhand result of the outage. Many of their employees were experiencing delays at the border, where wait times were being reported at more than four hours.

San Diego County Sheriff's Department

The sheriff's department said they were affected for about 5 hours and had most of their computers back up and running by 8 a.m. They aimed to have everything running by mid-day.

"We have been working immediately and diligently throughout the night, prioritizing our intake and medical facilities, and we manually processed the arrestees who were in the process of being booked. Everyone is safe," the department said in a statement.

San Diego County Superior Court

The Superior Court said they were affected by the outage and prioritized repairing operations in the courtrooms.

"If you have a court date this morning, please report to the courtroom as scheduled," the court said in a statement. "If you were permitted to and planned to appear remotely, you may do so, however, you may need to wait in the Microsoft Teams 'lobby' if that courtroom has not yet been repaired. We hope that all courtrooms will be operational later this morning."

The court said their online application systems and telephones were operational.

What is CrowdStrike Falcon?

Founded in 2011, the Texas-based CrowdStrike is a cloud-based cybersecurity platform used by a major share of the global tech market. More than half of Fortune 500 companies use its software, known as Falcon, to keep their systems safe from malware and cyberattacks, according to CrowdStrike.

How does CrowdStrike work?

Falcon provides what's known as "endpoint detection and response" capabilities. That means if Falcon detects a threat, it has the ability to stop the threat itself instead of just alerting a company.

"Falcon Prevent can stop execution of malicious code, block zero-day exploits, kill processes and contain command and control callbacks," the company says in its FAQs.

In order to do this, the software must have broad privileges to run across a computer's internal systems and programs. This web of integration between Falcon and a computer's core software — in this case Microsoft 365 — means if Falcon crashes or malfunctions, it can have a ripple effect within the core system.

What caused the global IT outage on Friday?

CrowdStrike CEO George Kurtz said Friday's outage was not a security incident or cyberattack. Kurtz said there was a defect in a “single content update for Windows hosts.” The issue affected Microsoft 365 apps and services.

Mac and Linux hosts were not affected.