18TH JUL 2024
A recent update from CrowdStrike has caused widespread disruptions for Windows users, leading to system crashes and the infamous Blue Screen of Death (BSOD). Reports indicate that companies worldwide, including Sky News, are unable to reboot their systems.
Users have flooded forums like Reddit with their concerns. One user remarked, “Wow, stuck in a boot loop, and entire org taken out.”
Here’s an overview of the incident and guidance on the next steps.
An issue with CrowdStrike’s Falcon Sensor product has been identified as the cause of this global disruption. Falcon, described by CrowdStrike as a platform designed to prevent breaches using a unified set of cloud-delivered technologies, is currently under scrutiny as engineers work to resolve the problem.
The IT outage has had far-reaching impacts, affecting airports, businesses, and broadcasters. Sky News reports grounded planes in the U.S., disrupted trains in the U.K., and malfunctioning boarding scanners at Edinburgh Airport in Scotland.
Here is a list of organizations impacted by the faulty Crowdstrike update:
Major airlines, including United, Delta, American, and Allegiant, have grounded flights due to the outage. American Airlines attributed the problems to a "technical issue with CrowdStrike affecting multiple carriers," according to BBC News. Frontier Airlines issued a similar ground stop order, citing a "major Microsoft technical outage."
European airlines such as Ryanair and KLM have also been affected. Ryanair advised passengers to arrive at airports at least three hours before departure due to the disruption caused by a global third-party IT outage. KLM largely suspended operations, acknowledging the inconvenience during the busy summer holiday season.
Emergency services in Alaska have been impacted, with Alaska State Troopers reporting issues with 911 and non-emergency call centers across the state due to the nationwide technology-related outage.
UK airports, including Heathrow, Gatwick, and Luton, have experienced delays and disruptions. Gatwick Express reported potential cancellations on certain networks due to the inability to access driver diagrams.
Healthcare facilities have also been hit. In the UK, the NHS's EMIS system, which is crucial for booking appointments and accessing patient records, has been disrupted. The NHS assured that emergency services remain unaffected and advised patients to attend appointments unless otherwise informed.
In Germany, two hospitals have canceled elective operations scheduled for Friday.
Commuters in New York City and Washington, DC, faced delays due to the outage. The NYCT subway reported that train arrival information was unavailable for several lines, though train services themselves were unaffected.
Sky News experienced disruptions, displaying archive footage and error messages. The news site was operational at the time of writing.
The London Stock Exchange's website faced issues, specifically with the RNS news service. The exchange assured that other services were operating normally.
McDonald's Japan suspended operations at about a third of its stores due to issues with cash registers. Woolworths grocery stores also faced disruptions, with some stores operating fewer checkouts. At the Ocean Park Marriott in Hong Kong, staff resorted to pen and paper to check guests in due to the outage affecting systems globally.
Microsoft has also acknowledged the issue, stating it began around 6 pm Eastern Time. The company is investigating cloud service disruptions in the U.S. and issues affecting several apps and services. A Microsoft spokesperson confirmed,
We’re aware of an issue affecting Windows devices due to an update from a third-party software platform. We anticipate a resolution is forthcoming.”
Contrary to initial reports suggesting a faulty update, Brody, director of CrowdStrike Overwatch, clarified on X (formerly Twitter) that the issue stems from a “faulty channel file, so not quite an update.”
Here’s how you can fix the BSOD caused by Crowdstrike’s update:
Boot Windows into Safe Mode or WRE.
Go to C:\Windows\System32\drivers\CrowdStrike
Locate and delete file matching "C-00000291*.sys"
Boot normally.
Update: Alternatively, Crowdstrike's engineers have deployed a new fix, which can be applied by rebooting systems connected to Crowdstrike's Falcon platform online. Here's how the newer fix works:
