CrowdStrike’s faulty update triggers global Windows blackout, disrupting critical operations


Microsoft Windows, the leading PC platform for consumers and enterprises worldwide, is going through an unexpected outage, disrupting critical operations, including those of leading banks, airlines, news broadcasters, supermarkets and even stock exchanges.

Windows users are getting a blue screen of death (BSOD) error when starting their PCs. The issue triggers a boot loop and keeps users from accessing the operating system. The exact scale of the problem remains unclear, although the flurry of complaints on X indicates that at least thousands of PCs used for day-to-day work around the world have been affected.

Something super weird happening right now: just been called by several totally different media outlets in the last few minutes, all with Windows machines suddenly BSoD’ing (Blue Screen of Death). Anyone else seen this? Seems to be entering recovery mode: pic.twitter.com/DxdLyA9BLA — Troy Hunt (@troyhunt) July 19, 2024

Microsoft has not yet commented on the matter, but it appears the problem has stemmed from CrowdStrike, which is known for strengthening the cybersecurity posture of enterprise systems, including Windows machines.

This comes as the Satya Nadella-led company continues to repair a separate issue with its Microsoft 365 apps and services.

Windows outage disrupting global services

A few hours ago, organizations from different parts of the world operating in completely different sectors began reporting disruption in their services. Most of them cited technical issues with their systems, stemming from a third-party partner. However, what’s even more worrying is the scale of the problem. It appears to have hit several critical operations, including those of global airlines, airports and banks. 

The airlines and airports that have reportedly been affected by the issue include American Airlines, Delta Airlines, United Airlines, Ryanair, Indigo, Air Asia, KLM Airlines, Los Angeles International Airport, Hong Kong Airport, Berlin Airport, Prague Airport, Amsterdam Airport, Sydney Airport, Edinburgh Airport, Dusseldorf Airport and Japan’s Narita airport. 

KLM and other airlines and airports have been affected by a global computer outage, making flight handling impossible. We realise that this is very inconvenient for our customers and staff, particularly in the midst of the summer holiday season. We’re working hard to resolve the… pic.twitter.com/O4gm7u0DIW — KLM (@KLM) July 19, 2024

Meanwhile, banks known to have been affected are Israel’s central bank, Ukraine’s Sense Bank, Capitec (South Africa’s largest bank), National Australia Bank, Commonwealth Bank and Bendigo. Other organizations in critical sectors were also affected, including the London Stock Exchange, Australian energy company AGL, Sydney Metro, Govia Thameslink Railway and NHS in the UK, and broadcasters and publications, including Sky News. Even 911 services in some parts of the U.S. have been hit.

The NHS is aware of a global IT outage and an issue with a GP appointment and patient record system. If you have an appointment please do attend unless you are told otherwise. If you need help use 111 online or by phone and in an emergency call 999. ➡️ https://t.co/M4QxHP2GqM — NHS England (@NHSEngland) July 19, 2024

It seems to be a worldwide issue. — Mike Santiago (@miguelcontrol) July 19, 2024

CrowdStrike Falcon to blame: Fix in progress

As many systems continue to be impacted, the problem has been narrowed down to cybersecurity firm CrowdStrike.

Hi, We’re currently experiencing system issues due to the CrowdStrike outage. We apologise for any difficulties you’ve had reaching us by phone or online. Thank you for your understanding. — AGL (@AGLEnergy) July 19, 2024

According to the company’s subreddit, the issue has been caused by its cloud-native Falcon sensor, a small software agent that is installed on endpoints like computers, servers, and mobile devices to continuously monitor for suspicious activity and potential threats. In this case, it appears a content deployment (an update) to the sensor crashed the machines it was installed on.

The moderator of the subreddit pointed out that the change has been reverted. However, if the problem persists, users or their IT teams can try the following steps:

1. Boot Windows into Safe Mode or the Windows Recovery Environment.
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
3. Locate the file matching “C-00000291*.sys”, and delete it.
4. Boot the host normally.

George Kurtz, the President and CEO of CrowdStrike, said this is not a security incident or cyberattack, and the company is actively working with impacted organizations through official channels.

CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We… — George Kurtz (@George_Kurtz) July 19, 2024

Microsoft, for its part, has yet to comment on the whole matter.

A problem of this scale is catastrophic. Because every affected system needs the fix, it will take impacted organizations hours, maybe even days, to apply it and resume normal operations.

“It turns out that because the endpoints have crashed – the Blue Screen of Death – they cannot be updated remotely and this problem must be solved manually, endpoint by endpoint. This is expected to be a process that will take days,” says Omer Grossman, chief information officer at CyberArk, a cybersecurity company known for providing identity and access management solutions.
