Update 02:01 PDT
UK broadcaster the BBC are reporting that Microsoft are linking the issue to CrowdStrike’s update. This is the first time that Microsoft has publicly stated this since the news broke.
Original Story
It is still quite nebulous, but it seems that a recent CrowdStrike code update is bricking Windows machines across the world. The issue, which occurred late in the night of July 18, is impacting companies of all scales. In the United Kingdom, the London Stock Exchange, television companies, flight operators and train companies are impacted. The dreaded Blue Screen of Death (BSoD) is appearing on Windows machines across the world. The cause is believed to be a recent CrowdStrike update, with an alleged screenshot appearing on X (formerly Twitter) seemingly confirming the issue.
According to the BBC News website, Microsoft are taking “mitigation actions” as the issue impacts its cloud and Office365 services.
We spotted the start of this issue via a post on X, formerly Twitter, by Troy Hunt, the creator of haveibeenpwned.
Something super weird happening right now: just been called by several totally different media outlets in the last few minutes, all with Windows machines suddenly BSoD’ing (Blue Screen of Death). Anyone else seen this? Seems to be entering recovery mode: pic.twitter.com/DxdLyA9BLA (July 19, 2024)
We’ve been monitoring this issue and there is plenty of finger-pointing on social media, but nothing official has been released. Given the scale, those investigating will likely be attempting to resolve or roll back the issue, and the source of the issue will be revealed in a future report.
It’s confirmed !! Crowdstrike Issue Guys, they are working on it, in about maybe 45 mins things will be fix #csagent #crowdstrike #BSOD pic.twitter.com/0mkfRbUAF8 (July 19, 2024)
The alleged source of the issue is Falcon Sensor, which the CrowdStrike website describes as follows: “The intelligent, lightweight CrowdStrike Falcon sensor, unlike any other, blocks attacks on your systems while capturing and recording activity as it happens to detect threats fast.”
The impact of the issue is global and it seems that today is a bad day for Windows users.
- Reuters are reporting that IT systems for the upcoming Olympic Games in Paris are affected, with the organizers moving to a contingency process.
- United, Delta and American Airlines have issued a “global ground stop” on all of their flights. Flights already in the air will continue, and there are no apparent safety issues.
- Australia’s Telstra Group, a telecommunications company, is also facing disruption.
- Airports across the UK are reporting delays and flight suspensions. Barcodes used for security checks at London Gatwick are not working, with security checks conducted manually.
- India’s Delhi airport has resorted to manual processing of passengers and flight times communicated via a whiteboard.
- Railway companies are reporting delays.
- Sky TV and BBC Children’s channel CBBC are off the air, with Sky running old stories.
At the time of writing, it is believed that there are no personal data loss or safety issues. The issue doesn’t seem linked to any cyber attacks; a bad update could simply be to blame.
Brody Nisbet, CrowdStrike’s Director of Threat Hunting, has confirmed that the issue lies with CrowdStrike, but the issue is not a faulty update. It is a “faulty channel file” and Nisbet suggests a workaround for some of those stuck in a BSOD boot loop. The fix has to be applied to each affected machine, meaning that System Administrators (sysadmins) across the world are set to have a bad day.
Nisbet’s post (1/2, July 19, 2024):
There is a faulty channel file, so not quite an update. There is a workaround…
1. Boot Windows into Safe Mode or WRE.
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Locate and delete file matching “C-00000291*.sys”
4. Boot normally.
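Steps 2 and 3 of the workaround above as a script, for machines that reach an elevated PowerShell prompt in Safe Mode. This is an added example, not code from CrowdStrike or from the original article; the parameter names, the log path and the choice to record a SHA-256 of each file before deleting it are assumptions.

```powershell
# Added example: scripted form of steps 2-3 of the workaround, for use from
# an elevated PowerShell prompt in Safe Mode. Not CrowdStrike's tooling.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Directory named in the workaround; override for an offline-mounted volume.
    [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
    # File pattern named in the workaround.
    [string]$Pattern = 'C-00000291*.sys',
    # Assumption: where to keep a record of what was removed.
    [string]$LogPath = (Join-Path $env:TEMP 'channel-file-removal.csv')
)

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    throw "Directory not found: $DriverDir"
}

# Match only regular files directly inside the directory, nothing recursive.
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File)
if ($targets.Count -eq 0) {
    Write-Output "No files matching $Pattern in $DriverDir; nothing to do."
    return
}

foreach ($file in $targets) {
    # Capture name, size, timestamp and hash so there is a record of the file.
    $record = [pscustomobject]@{
        Path         = $file.FullName
        Length       = $file.Length
        LastWriteUtc = $file.LastWriteTimeUtc.ToString('o')
        SHA256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    }
    # Honors -WhatIf / -Confirm: nothing is logged or deleted on a dry run.
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete channel file')) {
        $record | Export-Csv -LiteralPath $LogPath -Append -NoTypeInformation
        Remove-Item -LiteralPath $file.FullName -Force
    }
}

# Confirm nothing matching the pattern is left before rebooting normally.
$left = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File)
Write-Output "Removed $($targets.Count - $left.Count) file(s); $($left.Count) remaining."
```

Running it with `-WhatIf` first lists what would be deleted without touching anything.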
We reached out to Tom Cheesewright, an Applied Futurist who has worked with NASA, Google and Meta, for comment on this global issue.
“It will be interesting to find out if the two occurrences – Azure going down and the CrowdStrike issue – are connected. If not, it’s an awful coincidence and one that has really compounded the chaos for Microsoft users. This is news because it’s rare and we have to remember that, in spite of today’s chaos, cloud systems have proven to be a more reliable, more efficient and largely more secure way of operating. They’re big news when they fail because so many people are affected. But if you aggregated the many small failures and cost of all the hardware we used to have in data centres, and the dusty servers in the corner of basements, I’m pretty sure we’d all come to the conclusion that the occasional failure is worth it.”
This is an ongoing story and we will update as we get more information.