A recent CrowdStrike Falcon update has caused a massive IT outage, impacting businesses and services worldwide, including Microsoft 365. The update, which affects Windows hosts but not Mac or Linux, led to widespread disruption as devices experienced Blue Screens of Death (BSOD).
The issue originated from a defective content update pushed by CrowdStrike, a cybersecurity company renowned for its Falcon endpoint detection and response (EDR) product. This product protects over 24,000 customers globally, scanning thousands of endpoints like computers and IoT devices to thwart cyber threats.
The update malfunction resulted in significant operational halts across various sectors, with reports surfacing early Friday from Australia and rapidly spreading to the UK, India, Germany, the Netherlands, and the US.
The consequences were severe. Major airlines, including United, Delta, and American Airlines, imposed a global ground stop, and TV stations like Sky News went offline. Airports faced extensive delays, with passengers in India receiving handwritten boarding passes. The UK’s NHS reported disruptions to GP appointments and patient records, while train operators faced network-wide delays.
CrowdStrike's CEO, George Kurtz, confirmed the issue, stating it was neither a security incident nor a cyberattack. The company identified, isolated, and deployed a fix for the update. Customers were advised to refer to the support portal for further instructions and to ensure communication through official channels. Kurtz apologized for the disruptions, emphasizing CrowdStrike's commitment to resolving the issue and maintaining customer security and stability.
The malfunctioning update particularly affected devices running Microsoft’s Windows operating system. Microsoft acknowledged the issue, linking it to CrowdStrike's update, and worked on rerouting impacted traffic to mitigate the effects. Throughout the day, Microsoft provided updates via its status page and admin center, gradually restoring services. Microsoft 365 apps and services, including 365 Cloud PCs, were also affected.
The incident underscores the critical reliance on IT and cybersecurity systems. CrowdStrike’s Falcon Sensor, which aims to prevent cyber intrusions, became a single point of failure, demonstrating the potential widespread impact of software issues. This event highlights the need for robust testing and contingency planning in software updates to avoid such disruptions in the future.
As systems continue to recover, affected organizations are advised to ensure all Windows hosts are updated with the latest CrowdStrike fix, verify communications with CrowdStrike through official support channels, and follow Microsoft’s guidance for rerouting traffic and restoring services.
A solution confirmed to be working is the following:
- Boot Windows into Safe Mode or Windows Recovery Environment.
- Navigate to the directory: C:\Windows\System32\drivers\CrowdStrike
- Locate the file matching “C-00000291*.sys” and delete it
- Restart the system
While the underlying cause of the outage has been addressed, residual impacts persist, and there’s currently no official information about when the situation will be fully resolved.