Widespread IT Outages Hit Banks, Airports, TV Stations, and More Due to Windows Errors

On Friday morning, businesses worldwide, including banks, airports, TV stations, and hotels, experienced massive IT outages after Windows machines began showing Blue Screens of Death (BSODs). These disruptions started in Australia and quickly spread to other regions like the UK, India, Germany, the Netherlands, and the US. Among the affected were Sky News, which went offline, and major US airlines such as United, Delta, and American Airlines, which had to issue a “global ground stop” for all flights.

The root cause of these widespread outages has been traced back to a software update from the cybersecurity company CrowdStrike. According to cybersecurity officials, the problem is not believed to be a cyberattack but rather a result of a misconfigured or corrupted update released by CrowdStrike.

CrowdStrike’s engineers took to Reddit to acknowledge the issue, reporting widespread BSODs on Windows hosts due to their software. They are actively working on resolving the problem and have provided a workaround for affected systems along with an advisory for their customers.

So far, the incident seems to be limited to devices running Windows, with other operating systems remaining unaffected. The exact scope and duration of the outages are still unclear, and neither Microsoft nor CrowdStrike has responded to requests for comment from various media organizations.

A few hours after the issues began, CrowdStrike CEO George Kurtz released a statement confirming a “defect” in a Windows update from the company. Kurtz said that the problem had been identified and isolated, and that a fix had already been deployed. He also mentioned that Mac and Linux hosts were not affected and directed customers to the company's support portal for more information.

Microsoft also issued a statement acknowledging the problem and expressing confidence that a solution was on the way.

The financial impact of these outages could be substantial, with independent cybersecurity consultant Lukasz Olejnik suggesting that organizations might lose millions due to halted operations. Olejnik noted that the issue appeared to be linked to CrowdStrike’s Falcon Sensor product, which is designed to block system attacks.

Olejnik emphasized the incident as a reminder of our reliance on IT and software. He pointed out that when multiple software systems are maintained by different vendors, it creates a single point of failure, as seen in this case where many firms were impacted.

The CrowdStrike update has caused significant disruptions in public services and businesses worldwide. Airports are dealing with long queues and delays, and one passenger in India even received a handwritten boarding pass. In the UK, NHS England confirmed that GP appointment and patient record systems were affected, and train operators reported delays across the network.

CrowdStrike provides endpoint detection and response (EDR) services to companies globally. Their EDR technology monitors thousands of endpoints, including computers, ATMs, and IoT devices, for real-time threats. The company serves over 24,000 customers worldwide.

Cybersecurity researcher Kevin Beaumont noted on X (formerly Twitter) that the CrowdStrike update file he reviewed was improperly formatted, causing Windows systems to crash consistently. He mentioned that there currently seems to be no automated solution to fix the issue.

Brody Nisbet, CrowdStrike’s director of overwatch, also posted on X, detailing a workaround involving booting Windows machines into safe mode, locating a specific file (“C-00000291*.sys”), deleting it, and then rebooting the system. He mentioned that some devices might stabilize as they pick up the new channel file between BSODs.
