Crowdstrike’s faulty update causes a global Windows blackout, disrupting critical operations

Microsoft Windows, the leading PC platform for consumers and businesses worldwide, is experiencing an unexpected outage, disrupting critical operations including those of leading banks, airlines, news outlets, supermarkets and even stock exchanges.

Users of Windows computers are getting a Blue Screen of Death (BSOD) error when starting their PC. The issue causes a boot loop and prevents users from reaching the operating system at all. The exact extent of the problem remains unclear, although the flood of complaints on X indicates that at least thousands of PCs worldwide used for daily work are affected.

Microsoft hasn’t commented on the issue yet, but the problem appears to stem from an update from Crowdstrike, a cybersecurity company known for strengthening the security of enterprise systems, including Windows machines.

This comes as the Satya Nadella-led company is also still repairing a separate issue with its Microsoft 365 apps and services.

Windows outage disrupts global services

A few hours ago, organizations from different parts of the world, operating in completely different sectors, started reporting disruptions in their services. Most of them mentioned technical problems with their systems, which came from an external partner. What is even more worrying, however, is the scale of the problem. It appears that several critical operations have been affected, including those of global airlines, airports and banks.

The airlines and airports reportedly affected by the issue include American Airlines, Delta Airlines, United Airlines, Ryanair, Indigo, Air Asia, KLM Airlines, Los Angeles International Airport, Hong Kong Airport, Berlin Airport, Prague Airport, Amsterdam Airport, Sydney Airport, Edinburgh Airport, Düsseldorf Airport and Japan’s Narita Airport.

Banks known to be affected include the Israeli Central Bank, Ukraine’s Sense Bank, Capitec (South Africa’s largest bank) and National Australia Bank, Commonwealth Bank and Bendigo Bank. Other organizations in key sectors were also affected, including the London Stock Exchange, Australian energy company AGL, Sydney Metro, Govia Thameslink Railway and the NHS in the United Kingdom, and broadcasters and publications including Sky News. Even 911 services in some parts of the US have been affected.

Crowdstrike Falcon is blamed: a solution is being worked on

With many systems still affected, the problem has been traced to cybersecurity company Crowdstrike.

According to the company subreddit, the problem is caused by the cloud-managed Falcon sensor, the software agent Crowdstrike installs on endpoints such as workstations and servers to continuously monitor for suspicious activity and potential threats. On Windows the sensor runs as a kernel-mode driver, so a fault in it crashes the whole operating system rather than just the agent. In this case, it appears that a content deployment (an update to the detection content the sensor loads, not a new version of the sensor itself) broke the machines it was installed on.

The subreddit’s moderator pointed out that the change has been reverted. However, if a machine is still stuck in the boot loop, users or their IT teams can try the following steps:

  1. Boot Windows into Safe Mode or the Windows Recovery Environment.
  2. Navigate to the folder C:\Windows\System32\drivers\CrowdStrike.
  3. Find the file matching “C-00000291*.sys” and delete it.
  4. Boot the host normally.

Note that if the system drive is protected by BitLocker, the recovery environment will ask for the drive's recovery key before the folder can be opened, so that key has to be on hand for each machine.
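The steps above, automated as an added example (this is not Crowdstrike's own tooling, nor code from the original article): a PowerShell function that performs steps 2 and 3 on every Windows installation reachable from the current environment. It assumes administrator rights and that it is run from Safe Mode or from boot media that includes PowerShell (the stock Windows Recovery Environment command prompt does not ship it). Inside a recovery environment the affected Windows volume is often not C:, so the function scans every filesystem drive unless one is given explicitly; the function name and the `-DriveRoot` parameter are this example's own.

```powershell
# Added example, not CrowdStrike's own tooling or code from the article.
# Assumptions: elevated session; PowerShell available (Safe Mode, or boot
# media that includes it); the affected Windows volume may sit at a drive
# letter other than C: when viewed from a recovery environment.
function Remove-Channel291File {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Optional drive root such as 'D:\'; when omitted every filesystem drive is checked.
        [string]$DriveRoot
    )

    $roots = if ($DriveRoot) { @($DriveRoot) } else {
        Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }
    }

    $removed = @()
    foreach ($root in $roots) {
        $csDir = Join-Path $root 'Windows\System32\drivers\CrowdStrike'
        # No Windows installation, or no Falcon sensor, on this volume.
        if (-not (Test-Path -LiteralPath $csDir)) { continue }

        # Only channel file 291 is targeted; the sensor's other C-*.sys content files stay in place.
        $files = Get-ChildItem -LiteralPath $csDir -Filter 'C-00000291*.sys' -File -ErrorAction SilentlyContinue
        if (-not $files) {
            Write-Host "$csDir is present but contains no C-00000291*.sys"
            continue
        }

        foreach ($f in $files) {
            # Keep the file's identity in the incident record before it disappears.
            $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
            Write-Host ("{0}  {1} bytes  modified {2:u}  sha256 {3}" -f `
                $f.FullName, $f.Length, $f.LastWriteTimeUtc, $hash)
            if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete')) {
                Remove-Item -LiteralPath $f.FullName -Force
                $removed += $f.FullName
            }
        }
    }
    return $removed
}

# Dry run first (prints what would be deleted), then the real removal.
Remove-Channel291File -WhatIf
Remove-Channel291File
```

If the volume is BitLocker-protected, unlock it before calling the function, for example with `manage-bde -unlock D: -RecoveryPassword <48-digit recovery key>`, substituting the actual drive letter and the key held in the organization's key escrow. The hash and timestamp printed before deletion are there so the incident record can later confirm that the removed file was the faulty channel file and not something else placed in that directory.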

George Kurtz, Crowdstrike’s president and CEO, said this is not a security incident or cyberattack, and that the company is actively working with affected organizations through official channels.

For its part, Microsoft has not yet commented on the entire issue.

A problem of this magnitude is catastrophic, and because every affected system needs hands-on attention, it will take hours, perhaps even days, for the affected organizations to resolve the issue and resume normal operations.

“It turns out that because the endpoints crashed – the Blue Screen of Death – they cannot be updated remotely and this issue has to be resolved manually, one endpoint at a time. This is expected to be a process that will take days,” said Omer Grossman, chief information officer at CyberArk, a cybersecurity company known for providing identity and access management solutions.