A faulty driver in CrowdStrike’s Falcon security software has caused millions of Microsoft Windows systems to malfunction, creating major issues for businesses worldwide.

Thousands of Windows machines worldwide, including those at banks, airlines, TV broadcasters, and supermarkets, are experiencing a Blue Screen of Death (BSOD). The faulty CrowdStrike update has caused affected PCs and servers to enter a recovery boot loop, preventing them from starting properly. Early Friday, companies in Australia first reported the issue, which quickly spread globally to the U.K., India, Germany, the Netherlands, and the U.S.

CrowdStrike CEO George Kurtz posted a message on X Friday morning saying that a fix was being deployed and that the incident was not the result of a cyberattack.

CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We…

— George Kurtz (@George_Kurtz) July 19, 2024

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” Kurtz said. “Mac and Linux hosts are not impacted.”

Microsoft has issued service updates as it triages the impact. It has a lengthy statement on its Azure page on how organizations can remedy the issue. The company also posted on X that the issue impacted its Windows 365 Cloud PCs, which are virtual desktops hosted in the Microsoft Cloud.

On another Microsoft status page, the company says impacted services may include but are not limited to the following:

PowerBI: Users may notice that their service is in read-only mode while we address impact.

Microsoft Fabric: Users may notice that their service is in read-only mode while we address impact.

Microsoft Teams: Users may be unable to leverage Microsoft Teams functions including presence, group chats, and user registration.

Microsoft 365 admin center: Admins may be intermittently unable to access the Microsoft 365 admin center and any action may be delayed if accessible.

The following services have recovered from the outage, according to the company:

Microsoft Defender

Microsoft Defender for Endpoint

Microsoft Defender Experts

Microsoft Intune

Microsoft OneNote

OneDrive for Business

SharePoint Online

Windows 365

Viva Engage

Microsoft Purview

The U.S. Cybersecurity and Infrastructure Security Agency told CyberScoop it’s “working closely with CrowdStrike and our federal, state, local and critical infrastructure partners to fully assess and address these issues.”

A White House official told a pool reporter that “the president has been briefed on the CrowdStrike outage and his team is in touch with CrowdStrike and impacted entities. His team is engaged across the interagency to get sector by sector updates throughout the day and is standing by to provide assistance as needed.”

Businesses around the world had their operations come to a standstill due to the outage.

The airline industry was hit particularly hard. Top U.S. airlines — United, Delta, and American Airlines — issued a “global ground stop” on all flights. The Irish airline Ryanair also stated that it was currently experiencing disruption across its network.

12-hour timelapse of American Airlines, Delta, and United plane traffic after what was likely the biggest IT outage in history forced a nationwide ground stop of the three airlines. pic.twitter.com/wwcQeiEtVe

— Colin McCarthy (@US_Stormwatch) July 19, 2024

The Federal Aviation Administration said it was “closely monitoring” the issue, working with airlines and airports on ground stops until the issue is resolved. According to flight-tracking website FlightAware, over 25,000 flights have been delayed and 2,550 have been cancelled as a result of the issue.

The issue has also impacted emergency services in several states, including Alaska, Arizona, Indiana, Minnesota, New Hampshire, and Ohio.

Reports on X also show that mobile ordering for multinational coffee chain Starbucks is down, snarling people’s Friday morning caffeine fix.

Man on the ground report: Starbucks mobile ordering is down! You can order but they can’t see orders at the store. You have to show them your phone and they’ll make your order. pic.twitter.com/qb1cG1JOSc

— Joe Colangelo (@Itsjoeco) July 19, 2024

Various IT and cybersecurity experts have taken to social media to share workarounds for the issue. A CrowdStrike director posted that users can boot into Windows Safe Mode and follow these steps:

There is a faulty channel file, so not quite an update.

There is a workaround…
1. Boot Windows into Safe Mode or WRE.
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Locate and delete file matching “C-00000291*.sys”
4. Boot normally.

1/2

— Brody (@brody_n77) July 19, 2024

Various IT technicians have said that workaround may be complicated by machines that use Windows BitLocker.

This is a breaking news story and information will be updated as it becomes available.

The post CrowdStrike Falcon flaw sends Windows computers into chaos worldwide appeared first on CyberScoop.
