Microsoft's massive outage now hits Apple Pay terminals worldwide

The vast majority of corporate IT worldwide is struggling on Friday morning, with things as mundane as point-of-purchase, and as complex as flight management not working because of a bad Windows security patch by security firm CrowdStrike.

While the failure is confined to Windows systems, it's significantly worse than previous Microsoft outages, because of the scale. American Airlines, Delta, and United, each grounded all aircraft, according to BBC News, TV stations including MTV, VH1, CMT, Sky News, and ABC News Australia went off air.

What's directly affecting Apple users is that there are now reports of supermarkets around the world having problems accepting Apple Pay and other contactless payments. This will be because they are using Windows-based terminals, but it's not clear either how widespread this issue is, nor why it isn't affecting all users.

The outage was caused by a software update by security firm Crowdstrike. The company has issued a brief statement saying that it was one issue in an update, and that "this is not a security incident or cyberattack."

"CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts," continues the statement. "Mac and Linux hosts are not impacted."

"The issue has been identified, isolated and a fix has been deployed," says the company.

Crowdstrike has not given a timescale for when the fix will be adequately rolled out worldwide. At present, the issue is continuing, and at time of writing, Apple Pay has been seeing a spike in outages, presumably because of it.

68 Comments

BlueLightning 146 comments · 7 Years

About 1 month ago

Surprised something like this would get past testing (assuming testing was done).

A number of books have been written on the anticipated failure of complex systems, sometimes looking at telecommunications or power delivery.

AppleZulu 2119 comments · 8 Years

So this is where we see letting third-party vendors have that level of access to the OS in order to provide security becomes a vulnerability in itself.

avon b7 7937 comments · 20 Years

My scheduled video conference with HP has hit the skids. I was told at 8am this morning that IT support were working on the problem but I doubt they'll apply the machine-by-machine workaround offered by Crowdstrike which requires booting into Safe Mode and deleting a file.

It's touch and go for the meeting which is scheduled to start in 30 minutes.

It is more likely they'll wait for the fix from Crowdstrike to flush through the systems.

Global automated updates should be rolled out in phases to catch these glitches before they become wildfires.

I see some airlines still have boarding cards that can be handwritten for the lucky ones who have been able to get off the ground.

EDIT: meeting postponed.

AppleZulu said:

So this is where we see letting third-party vendors have that level of access to the OS in order to provide security becomes a vulnerability in itself.

These issues can affect first party vendors in exactly the same way.

If your systems permeate the fabric of the internet (in the deployment sense), the scope for trouble is there but everyone (first or third party) should have resilience designed into their systems.

Crowdstrike says this is the result of a botched update as opposed to a security or cyber attack situation but having it propagate so far and so quickly has to be looked at and resolved.

Any vendor could be hit by botched processes so that includes Apple, Meta, Google, Microsoft, Amazon Huawei etc in the deployment sense and the likes of Cloudfare in an infrastructure sense.

I suppose using a third party solution might even be favorable in some situations.

Luckily, these situations don't usually hit the headlines very often but some might ask 'how much of that is literally down to 'luck' itself?