A defective software update in CrowdStrike Falcon Sensor caused Windows computer systems to crash across the globe Friday, leading to massive disruptions of critical functions across multiple industries. 

The outage forced major commercial airlines, including Delta, American and United, to halt flights across the globe, disrupted certain operations at major broadcast networks and impacted commercial bank operations. 

CrowdStrike CEO George Kurtz apologized for the incident and said a fix had been deployed to resolve an issue with a Falcon content update, in an updated statement.

“We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption,” Kurtz said in the emailed statement. “We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on.”

As details of the outage unfolded, Kurtz was quick to say the incident was not related to a cyberattack or other security incident and the issue had been identified, isolated and a fix had been deployed.

Microsoft warned that Microsoft 365 users would not be able to access various applications and services, according to a status update. 

“Earlier today, a CrowdStrike update was responsible for bringing down a number of IT systems globally,” a Microsoft spokesperson said in a statement. “We are actively supporting customers to assist in their recovery.”

However, the company said it was applying mitigation steps to improve the ability of Microsoft 365 applications to function. 

“Our telemetry is indicating that the remaining impacted scenarios are progressing towards a full recovery, and we’re closely monitoring to ensure this progress continues,” Microsoft said in the update. 

Regulatory agencies across sectors are following the outage, too. The Securities and Exchange Commission said it was aware of the IT disruption and was monitoring for any market impacts, in a statement on X. The Federal Aviation Administration said it was working closely with the airline industry to work through issues related to the global IT outage, according to an update on X.

The agency said ground stops and delays at various airports will be intermittent as airlines work through residual impacts of the outage, a spokesperson said via email.

The Cybersecurity and Infrastructure Security Agency is working closely with CrowdStrike, along with critical infrastructure and federal, state and local governments to assess the impact, a spokesperson said via email. 

Software industry analysts and security experts raised concerns about how a defect involving a single vendor could potentially lead to such massive disruption of services. 

“It is still too early to determine how such an error occurred, and whether a code fault with the driver, or an unanticipated and undocumented change in the Windows operating system which CrowdStrike was unable to predict, is responsible,” Rob Reeves, principal cyber security engineer at Immersive Labs, said in a statement. 

However, Reeves noted that heavy reliance on Falcon is a “double-edged sword” causing untold disruption to global systems. 

Major carriers were able to restore some service Friday, but expect continued delays. American Airlines said it was able to restore service at 5 a.m. Eastern time on Friday, however warned it expected additional delays and flight cancelations, in an updated post on it’s website, a sentiment Delta and United echoed.