Editor's note: Check out our oft-updated live blog for all new developments about the Microsoft/CrowdStrike outage
Windows PCs all around the world are crashing, and it's getting uglier fast.
It's all due to an issue with CrowdStrike's Falcon Sensor software, and it's spreading in unpredictable ways. But what is CrowdStrike? What's a "blue screen of death"? And how worried should Windows PC owners be? Here's what you need to know.
What is CrowdStrike, and what is Falcon Sensor?
CrowdStrike is a cybersecurity company, and Falcon Sensor is software designed to prevent computer systems from cyber attacks. Earlier this morning, on July 19, the company warned its users that Windows systems are "experiencing a bugcheck/blue screen error related to the Falcon Sensor," and said that its engineering teams are "actively working to resolve this issue."
Apparently, an update to the Falcon software is what caused the issue; the company rolled back the update but numerous machines are still affected.
Both Microsoft and CrowdStrike have now acknowledged the issue, which is only present on Windows machines, while Mac and Linux computers aren't affected.
LIVE UPDATES: Microsoft outage linked to CrowdStrike knocks users offline
Tweet may have been deleted
"CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers," George Kurtz, CrowdStrike's President and CEO, wrote on X.
What's a blue screen of death?
If you've been so fortunate to never see a blue screen of death, it is a type of critical error on Windows PCs which essentially halts whatever the computer's been doing and displays an error report on a blue screen.
What is CrowdStrike's relationship with Microsoft?
CrowdStrike doesn't really have a direct relationship with Microsoft. It is, however, a hugely popular cybersecurity company, especially for large businesses and institutions, due to its reputation of being able to stop cyberattacks in their tracks, and that means it runs on a lot of Windows machines. It is also available for Mac and Linux computers, though the current issue is only related to Windows computers.
A report from IDC dated February 2023 placed CrowdStrike at the number one spot when it comes to endpoint security, with a 17.7% market share. Microsoft's own endpoint security solutions are a close second with a 16.4% market share.
How widespread is this issue?
CrowdStrike's software is popular and widely used, and as a result, there are numerous outages across platforms including Microsoft 365, Azure, Instagram, eBay, Visa, and AT&T. A number of banks, such as Chase, Wells Fargo, TD Bank, and US Bank appeared to be having issues as well. Downdetector is a good place to check which services are having issues. (Full disclosure: Downdetector is owned by Mashable's parent company, ZiffDavis.)
The problems are widespread enough to have caused some airlines, including Delta, American, RyanAir, and United Airlines, being grounded due to communications issues, apparently related to the outage.
Sky News was unable to broadcast live TV early on Friday, also apparently due to this problem.
Tweet may have been deleted
Even electronic payment systems in some supermarkets are down, rendering people unable to pay for groceries.
What should I do?
CrowdStrike software is typically maintained by the company's system administrator. For most users experiencing problems, this means that they should probably report the issue to their system admin and wait for resolution.
In a notice to users, CrowdStrike said that there is no need to open a support ticket with CrowdStrike as the company's engineers are aware of the issue and are actively working on it.
For support from CrowdStrike, users can go to the company's Support Portal over at supportportal.crowdstrike.com/s.
There's also an active discussion on Reddit, where system admins are sharing their experiences while trying to resolve the issue.
If you're eager to try to fix the issue yourself, here's a workaround:
"Boot Windows into Safe Mode or the Windows Recovery Environment
"Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
"Locate the file matching 'C-0000029*.sys', and delete it.
"Boot the host normally."
How long will the Microsoft outage last?
While the issue has been "identified, isolated, and a fix has been deployed," per CrowdStrike CEO George Kurtz, actually fixing it is not always trivial. This is not a simple update which can easily be deployed to all systems over-the-air, as many of the affected systems crash right after booting up, meaning they're in an endless boot loop. This, in turn, means that the fix must be applied manually (see instructions above) to each affected system, and in large companies, this can take many hours.
In an interview with TODAY, Kurtz admitted the issues could persist for a while longer.
"It could be some time for some systems that just automatically won’t recover," he said.
Microsoft's CEO Satya Nadella acknowledged the issue around midday Friday but did not provide a timeline for when people could expect the issues to be resolved.
"Yesterday, CrowdStrike released an update that began impacting IT systems globally," Nadella wrote on X. "We are aware of this issue and are working closely with CrowdStrike and across the industry to provide customers technical guidance and support to safely bring their systems back online."
Developing...
Topics Cybersecurity