An error in a recent CrowdStrike update has led to significant disruptions to Windows PCs across the U.S., U.K., Australia, South Africa, and several other nations, as the cloud security firm disclosed on Friday. Emergency services, airports, and law enforcement agencies have all reported ongoing downtime as a result.
CrowdStrike clarified in a statement that this incident is not related to a security breach or cyberattack.
Widespread Blue Screen of Death Caused by CrowdStrike Outage
Organizations impacted by the outage have encountered the infamous Blue Screen of Death, indicating a system crash within the Windows environment. According to insights from The Verge, the issue originates from an update to a kernel-level driver linking CrowdStrike with Windows PCs and servers.
Flight operations at American Airlines, United, and Delta were disrupted on Friday morning by problems with their IT systems. U.K.-based media outlet Sky News also reported an outage affecting its television services early Friday, and the New Hampshire emergency services department confirmed that its online services had been restored after disruptions to 911 services.
On Friday, CrowdStrike stated that it had identified and rectified the issue, although reports of ongoing outages on some initially affected machines persist.
Earlier on Friday, Microsoft 365 issued a warning of service degradation, although this seems to be unrelated to the current incident.
Gartner data sent to TechRepublic by email indicated that CrowdStrike accounted for 14.74% of total security software revenue across segments and regions in 2023, while Microsoft accounted for 40.16%.
What Actions can Businesses Take During the CrowdStrike Outage?
Microsoft suggests rebooting Azure Virtual Machines running the CrowdStrike Falcon agent. This process might entail multiple reboots, with some users finding success after up to 15 reboots. Alternative options include restoring from a backup pre-dating July 18 at 04:09 UTC, or attempting OS disk repair by employing a repair VM.
Forrester VP and Principal Analyst Andras Cser highlighted the need for manual recovery on affected systems due to the update deployment method. Hence, administrators are required to physically connect a keyboard to each impacted system, boot into Safe Mode, remove the faulty CrowdStrike update, and then reboot. Some administrators have also faced challenges in accessing BitLocker encryption keys for remedial actions.
CrowdStrike advises customer organizations to stay in contact with their representatives. All organizations, even those unaffected, are recommended to check in with their SaaS partners to find out whether any issues exist.
Given the broad impact on major organizations, the risk of misinformation is significant.
Former NSA cybersecurity expert Evan Dornbush cautioned against misinformation about reconfiguring systems or deleting critical files, and advised against falling for fake fixes.
He further emphasized the importance of reviewing password management practices, as future fixes may necessitate administrative access to long-unrebooted systems.
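The recovery prerequisites described above (getting at BitLocker recovery keys before booting into Safe Mode, and knowing which long-unrebooted hosts will need current administrative credentials) can be checked ahead of time from PowerShell. The script below is an added example, not code from the article, from CrowdStrike or from Microsoft; the function names Get-BitLockerRecoveryReadiness, Backup-RecoveryKeysToDirectory, Get-LastBootInfo and Set-SafeModeNextBoot are chosen here, while the cmdlets they wrap (Get-BitLockerVolume, Backup-BitLockerKeyProtector, BackupToAAD-BitLockerKeyProtector, Get-CimInstance, bcdedit) are the standard Windows ones. The article does not name the faulty file, so the removal step itself is left out.

```powershell
# Added example: pre-recovery readiness check for a Windows host that may
# need the Safe Mode recovery described in the article. Not vendor code.
#Requires -RunAsAdministrator

function Get-BitLockerRecoveryReadiness {
    # One record per BitLocker volume: whether it is protected and whether a
    # recovery-password protector exists, so the key can be retrieved before
    # the machine is taken into Safe Mode rather than discovered missing then.
    foreach ($vol in Get-BitLockerVolume) {
        $recovery = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        [pscustomobject]@{
            MountPoint          = $vol.MountPoint
            ProtectionStatus    = $vol.ProtectionStatus
            RecoveryProtectors  = $recovery.Count
            RecoveryProtectorId = ($recovery | ForEach-Object { $_.KeyProtectorId }) -join ','
        }
    }
}

function Backup-RecoveryKeysToDirectory {
    param(
        # 'AD' escrows to Active Directory, 'EntraID' to Microsoft Entra ID.
        [ValidateSet('AD', 'EntraID')] [string] $Target = 'AD'
    )
    # Escrows every recovery-password protector so the help desk can look the
    # key up centrally during recovery instead of hunting for it per machine.
    foreach ($vol in Get-BitLockerVolume) {
        $protectors = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
        foreach ($kp in $protectors) {
            if ($Target -eq 'AD') {
                Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId
            } else {
                BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId
            }
        }
    }
}

function Get-LastBootInfo {
    # Reports uptime: the longer a host has gone without a reboot, the more
    # likely its local administrative credentials are stale and need checking
    # before anyone is dispatched with a keyboard.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        LastBootUpTime = $os.LastBootUpTime
        UptimeDays     = [math]::Round(((Get-Date) - $os.LastBootUpTime).TotalDays, 1)
    }
}

function Set-SafeModeNextBoot {
    param([switch] $Disable)
    # Flags the current boot entry so the next restart lands in Safe Mode
    # (minimal); -Disable clears the flag again once the cleanup is done, so
    # the host does not stay stuck in Safe Mode after recovery.
    if ($Disable) {
        bcdedit /deletevalue '{current}' safeboot | Out-Null
    } else {
        bcdedit /set '{current}' safeboot minimal | Out-Null
    }
}

# Usage: run on the affected host (or fan out with Invoke-Command) before
# touching the disk. Escrow and the Safe Mode flag are deliberate, separate
# calls rather than side effects of the report.
Get-LastBootInfo | Format-List
Get-BitLockerRecoveryReadiness | Format-Table -AutoSize
```

A volume that reports ProtectionStatus On with zero RecoveryProtectors is the case to fix first: once that host blue-screens, there is no recovery password to type at the BitLocker prompt, and the Safe Mode step cannot begin. Running the readiness report across the fleet before any reboot campaign turns the key-access problem the article describes into a list of known exceptions.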
Evaluate the dependency of your organization on a single provider or service, and ensure a robust recovery process is in place.
IT team leaders are encouraged to ensure their staff are adequately supported during this challenging period.
Forrester Principal Analyst Allie Mellen stressed the need for continuous support and rest breaks to prevent burnout and mistakes, especially during tech incidents that warrant extensive recovery efforts.
CrowdStrike referred TechRepublic to the official statement when approached for further comments.
This article will be updated as additional information becomes available. TechRepublic has reached out to Microsoft for input.
