
CrowdStrike says its software update triggered worldwide Microsoft IT outages

A worldwide outage today has been traced to a fault in an update to CrowdStrike’s “Falcon Sensor” software, which is causing Microsoft Windows to crash and display a blue screen error. Today’s outages affected health care, card payment providers, broadcasters and many companies worldwide. Here in the UK many NHS systems were offline for a number of hours, and some broadcasters were unable to show their programs. Microsoft Windows hosts which were brought online after 0527 UTC today would not be impacted by this outage.

This issue only impacts Microsoft Windows; Linux and Mac hosts are not affected.

Issues with CrowdStrike’s kernel driver seem to be responsible for the global outages. The company has confirmed in a statement that the problem is not due to a cyberattack or malicious hack. Machines affected by the blue screen error can try the fix using the instructions provided below.

CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.

Channel file “C-00000291*.sys” with timestamp of 0409 UTC is the problematic version.

Workaround Steps for individual hosts:

  • Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then:
    • Boot Windows into Safe Mode or the Windows Recovery Environment
      • NOTE: Putting the host on a wired network (as opposed to WiFi) and using Safe Mode with Networking can help remediation.
    • Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory
    • Locate the file matching “C-00000291*.sys”, and delete it.
    • Boot the host normally.
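
The workaround steps above as a PowerShell function (an added example, not from CrowdStrike or the original article). It assumes an elevated PowerShell session, for example in Safe Mode; the function name and its parameters are hypothetical, and `-DriverDir` is there because in a recovery environment `%WINDIR%` may not point at the installed Windows volume.

```powershell
function Remove-FaultyChannelFile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Default is the directory named in the workaround steps.
        [string]$DriverDir = (Join-Path $env:WINDIR 'System32\drivers\CrowdStrike'),
        [string]$Pattern   = 'C-00000291*.sys'
    )

    if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
        Write-Warning "Directory not found: $DriverDir"
        return
    }

    # -Force includes hidden/system files; -File skips subdirectories.
    $files = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
    if ($files.Count -eq 0) {
        Write-Warning "No file matching $Pattern in $DriverDir; nothing to delete."
        return
    }

    foreach ($f in $files) {
        $utc = $f.LastWriteTimeUtc
        # Report each match before touching it. The article names the
        # 0409 UTC timestamp as the problematic version, so flag that.
        [pscustomobject]@{
            Name         = $f.Name
            LastWriteUtc = $utc.ToString('u')
            Is0409Utc    = ($utc.Hour -eq 4 -and $utc.Minute -eq 9)
        }
        # Honours -WhatIf / -Confirm, so a dry run deletes nothing.
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete channel file')) {
            Remove-Item -LiteralPath $f.FullName -Force
        }
    }
}

# Dry run: lists the matching files and what would be deleted.
Remove-FaultyChannelFile -WhatIf

# Real run, once the dry-run output looks right:
# Remove-FaultyChannelFile
```

After the real run, boot the host normally as in the last step.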

In a statement, a Microsoft spokesperson said: “We’re aware of an issue affecting Windows devices due to an update from a third-party software platform. We anticipate a resolution is forthcoming.”

Shortly after the above statement was issued, CrowdStrike said: “CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts.

“Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.

“The issue has been identified, isolated and a fix has been deployed.

“We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.

“We further recommend organisations ensure they’re communicating with CrowdStrike representatives through official channels.

“Our team is fully mobilised to ensure the security and stability of CrowdStrike customers.”

Jason Davies

I am one of the editors here at www.systemtek.co.uk. I am a UK-based technology professional, with an interest in computer security and telecoms.
