What just happened? The dreaded Blue Screen of Death has been hitting Windows machines across the world as they boot up, impacting banks, airlines, media outlets, food chains, and many other businesses. It’s been confirmed that the problem stems from security firm CrowdStrike and an issue with its Falcon Sensor agent. There’s also been an apparent separate issue with Microsoft 365 apps and services.
Reports started arriving a few hours ago of PCs and servers going offline and getting stuck in recovery boot loops.
The impact has been on a scale reminiscent of the WannaCry ransomware attack in 2017: UK medical facilities have been unable to book in patients, airports across the globe are dealing with massive waiting times, broadcasters have been unable to air shows, some 911 emergency call centers have been impacted, and bank systems have gone offline.
We’re obviously not on air – we’re trying @SkyNews Breakfast pic.twitter.com/ZKvVacRgUY
– Jacquie Beltrao (@SkyJacquie) July 19, 2024
Britain’s biggest train company has warned passengers to expect severe disruption, and the London Stock Exchange is facing technical issues.
CrowdStrike, used by many businesses for their PC and server security, wrote that it has received widespread reports of BSODs on Windows hosts, occurring on multiple sensor versions.
The company said it has identified the problem and reverted the update that caused the issue.
It’s confirmed!! Crowdstrike Issue Guys, they are working on it, in about maybe 45 mins things will be fixed #csagent #crowdstrike #BSOD pic.twitter.com/0mkfRbUAF8
– Xaaavier_8613 (@Xaaavier_8613) July 19, 2024
CrowdStrike wrote that the crashes are related to its Falcon Sensor, an agent that the company says “blocks attacks on your systems while capturing and recording activity as it happens to detect threats fast.”
A workaround posted on the CrowdStrike Reddit forum involves booting Windows into Safe Mode or the Windows Recovery Environment, navigating to the CrowdStrike directory, and deleting the file matching “C-00000291*.sys” before rebooting the machine.
It’s worth noting that this solution isn’t going to help everyone.
It certainly sounds like today is going to be a tough one for businesses. The outage arrived soon after Microsoft said users may be unable to access various Microsoft 365 apps and services due to a configuration change in a portion of its Azure backend workloads. This caused an interruption between storage and compute resources, which resulted in connectivity failures that affected downstream Microsoft 365 services.
The US Federal Aviation Administration has just announced that all flights from Delta, United, and American Airlines have been grounded.
Brody Nisbet, CrowdStrike’s chief threat hunter, wrote on X that the problem is a faulty channel file, so “not quite an update.”
There is a fix of sorts so some devices in between BSODs should pick up the new channel file and remain stable.
P0 incident ongoing.
2/2
– Brody (@brody_n77) July 19, 2024
CrowdStrike’s shares have fallen 20% in premarket trading following news of the incident. Microsoft is down 2.5%.