Major Update Causing Widespread Windows Crashes

A passenger looks at malfunctioning information screens at Delhi international airport in India. Photograph: Rajat Gupta/EPA

A recent update has disrupted Windows systems globally, causing crashes and the notorious Blue Screen of Death (BSOD). The impact has been far-reaching, with organizations around the world experiencing significant downtime. Reports indicate that affected entities include prominent firms such as Sky News, which has faced broadcasting interruptions.

Concerned users have flocked to online forums like Reddit to voice their frustrations. One user lamented, “Wow, stuck in a boot loop, and entire org taken out.”

If you’ve encountered similar chaos upon starting your workday, you’re not alone. Here’s an overview of what transpired and steps you can take.

The root cause of this global disruption has been traced to the security vendor CrowdStrike, whose engineers have identified the problem within their Falcon Sensor product. CrowdStrike describes Falcon as a comprehensive platform designed to prevent various cyber attacks through a suite of cloud-delivered technologies.

The outage has severely affected multiple sectors. According to Sky News, airports, businesses, and broadcasters have been hit hard. The U.S. has seen planes grounded, the U.K. has experienced train disruptions, and Edinburgh airport in Scotland has reported issues with boarding scanners.

Microsoft has acknowledged the problem and is implementing mitigation actions. The company noted that the issues began around 6 PM Eastern Time and are affecting several cloud services and applications.

A Microsoft spokesperson confirmed, “We’re aware of an issue affecting Windows devices due to an update from a third-party software platform. We anticipate a resolution is forthcoming.”

Initial reports suggested a problematic update was to blame. However, Brody, the director of CrowdStrike Overwatch, clarified on social media that a faulty channel file, not an update, was the culprit. He provided a temporary workaround:

  1. Boot Windows into Safe Mode or WinRE.
  2. Navigate to C:\Windows\System32\drivers\CrowdStrike.
  3. Locate and delete the file matching C-00000291*.sys.
  4. Boot normally.
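A scripted form of steps 2 and 3 above, added here as an example and not CrowdStrike's own tooling. It assumes it is run with administrator rights from Safe Mode or WinRE, and takes the offline Windows volume's drive letter as a parameter, since under WinRE the system volume is not always C:; the -DryRun switch lists the matching files without deleting them, and each deletion is echoed so the action can be audited afterwards.

```powershell
# Added example: scripted form of the manual workaround above.
# Assumptions: administrator rights in Safe Mode or WinRE; the offline
# Windows volume may not be C: under WinRE, so its letter is a parameter.
param(
    [string]$SystemDrive = 'C:',
    [switch]$DryRun
)

$driverDir = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
$pattern   = 'C-00000291*.sys'   # channel file named in the workaround

if (-not (Test-Path -LiteralPath $driverDir)) {
    Write-Warning "Directory not found: $driverDir (wrong drive letter, or sensor not installed?)"
    exit 1
}

# Only regular files, only the named pattern; wrap in @() so Count is reliable.
$channelFiles = @(Get-ChildItem -LiteralPath $driverDir -Filter $pattern -File)
if ($channelFiles.Count -eq 0) {
    Write-Host "No file matching $pattern in $driverDir; nothing to do."
    exit 0
}

foreach ($f in $channelFiles) {
    # Record path, size and timestamp so the removal can be audited later.
    $record = '{0}  {1} bytes  modified {2:u}' -f $f.FullName, $f.Length, $f.LastWriteTimeUtc
    if ($DryRun) {
        Write-Host "Would delete: $record"
    } else {
        Remove-Item -LiteralPath $f.FullName -Force
        Write-Host "Deleted: $record"
    }
}
```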

CrowdStrike CEO George Kurtz later confirmed that the issue was not a cyberattack but a botched update. He reassured customers that the problem had been identified and a fix deployed, urging them to stay updated through official channels.

Addressing this issue is challenging, especially for large organizations. Adam Harrison, managing director at FTI Cybersecurity, noted that while the fix is quick, scaling it across numerous systems will take time and manual intervention.

Ian Thornton-Trump, CISO at Cyjax, suggested that CrowdStrike might develop a tool for applying the fix at the disk level, potentially reducing recovery times for organizations with extensive systems to update.
