Bad CrowdStrike Update Linked to Major IT Outages Worldwide

Organizations worldwide are reporting major outages due to Windows system crashes caused by a bad CrowdStrike update.

Organizations worldwide are reporting major outages that appear to be caused by a bad update pushed out by cybersecurity giant CrowdStrike (NASDAQ: CRWD).

CrowdStrike launched an investigation after receiving widespread reports of Windows hosts experiencing a Blue Screen of Death (BSOD). In the latest update provided at the time of writing, the company said it’s in the process of reverting changes that may have caused the issue.

The BSOD was caused by a recent CrowdStrike Falcon sensor update. Impacted devices are reportedly entering BSOD loops that make them inoperable. 

Update: CrowdStrike late Friday said a routine sensor configuration update pushed to Windows systems on July 19, 2024 at 04:09 UTC triggered a logic error that blue-screened critical computer systems around the world.

A workaround that involves booting systems in Safe Mode and deleting a CrowdStrike component is being recommended. 

CrowdStrike’s CEO, George Kurtz, said in a statement on the social media platform X that the problems are caused by a “defect found in a single content update for Windows hosts”.

“Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed,” Kurtz added.

Organizations around the world have been reporting major outages, including airports, banks, media outlets and hospitals. However, at least some of these incidents appear to stem from a recent Microsoft cloud service outage that is not related to CrowdStrike. Some news websites appear to be mixing the two incidents. 

Still, the bad CrowdStrike update is causing problems for many, including major airports around the world. American Airlines told the BBC that flights were not allowed to take off, with the incident being blamed on a “technical issue with CrowdStrike”. 

Even Google Cloud reported an incident affecting its Compute Engine, noting that “Windows VMs using Crowdstrike’s csagent.sys are crashing and going into unexpected reboot”.

Kevin Beaumont, a reputable cybersecurity expert, said the current global IT outage is caused by CrowdStrike, not Microsoft, which has resolved its own issues. 

“Crowdstrike is the top tier EDR product, and is on everything from point of sale to ATMs etc – this will be the biggest ‘cyber’ incident worldwide ever in terms of impact, most likely,” Beaumont said.

Shares of publicly traded CrowdStrike finished the day down more than 11% in trading on Friday.

UPDATE: This incident, described in the mainstream media with words such as “chaos” and “disaster”, could turn out to be one of the worst cyber failures in history.

Microsoft told SecurityWeek that “a CrowdStrike update was responsible for bringing down a number of IT systems globally”. The company is actively supporting customers to assist in their recovery, a Microsoft spokesperson said.

The tech giant does not believe this is related to the July 18 Azure outage that impacted a subset of Azure customers. That issue has been fully resolved.

On the status page for its Azure cloud service, the tech giant said some virtual machines running the CrowdStrike Falcon agent are also impacted. 

The Associated Press is tracking disruptions in the US and other parts of the world. 911 and non-emergency services reported disruptions in some US states. 

Thousands of flights have so far been canceled or delayed around the world. Airlines and airports in the United States, India, Germany, Thailand, Singapore, Hong Kong, South Korea, Australia, and other countries reported disruptions. 

The London Stock Exchange said some services have been disrupted as a result of the incident, but noted that trading is not affected. 

A major container hub in the Baltic port of Gdansk in Poland temporarily suspended operations on Friday. 

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
