On July 19, 2024, a malfunctioning component in the latest CrowdStrike Falcon update led to significant disruptions on Windows systems worldwide. This issue affected numerous organizations and services, including critical infrastructure like airports, TV stations, and hospitals, causing widespread outages.
Scope and Impact
The faulty update impacted Windows workstations and servers, with users reporting widespread outages that took entire companies offline. Emergency services in the U.S. and Canada were also affected, highlighting the severity of the situation. Users experienced systems stuck in a boot loop or encountering the Blue Screen of Death (BSOD) after installing the update.
CrowdStrike’s Response
CrowdStrike acknowledged the problem and issued a technical alert. The company identified a channel file as the cause, reverted the changes, and provided a workaround for affected users, advising them to:
- Boot Windows into Safe Mode or the Windows Recovery Environment.
- Navigate to C:\Windows\System32\drivers\CrowdStrike.
- Locate and delete the file matching C-00000291*.sys.
- Boot the system normally.
To distinguish between the faulty file and the corrected version, users should look at the file's timestamp. The problematic file C-00000291*.sys has a timestamp of 0409 UTC. The correct version has a timestamp of 0527 UTC or later.
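The timestamp check above can be scripted so that only the faulty channel file is removed and the corrected one is left in place. The following PowerShell script is an added example, not CrowdStrike's tooling or part of its alert; it assumes the 0409 and 0527 UTC timestamps fall on 2024-07-19, and the "Unknown" status for any other timestamp is a choice made for this example.

```powershell
# Added example, not CrowdStrike tooling. ASSUMPTION: the 0409 / 0527 UTC
# timestamps quoted in the workaround fall on 2024-07-19 (the incident date).
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Directory = 'C:\Windows\System32\drivers\CrowdStrike',
    [switch]$Remove   # without this switch the script only reports
)

$utc         = [System.DateTimeKind]::Utc
$faultyStamp = [datetime]::new(2024, 7, 19, 4, 9, 0, $utc)    # faulty file
$fixedFrom   = [datetime]::new(2024, 7, 19, 5, 27, 0, $utc)   # corrected file, or later

function Get-ChannelFileStatus {
    param([Parameter(Mandatory)][System.IO.FileInfo]$File)
    $t = $File.LastWriteTimeUtc
    # Compare at minute resolution, since the guidance gives hours and minutes only.
    $minute = [datetime]::new($t.Year, $t.Month, $t.Day, $t.Hour, $t.Minute, 0, $utc)
    if ($minute -ge $fixedFrom)   { return 'Corrected' }
    if ($minute -eq $faultyStamp) { return 'Faulty' }
    return 'Unknown'   # any other timestamp: leave in place and review by hand
}

if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
    Write-Warning "Directory not found: $Directory"
    return
}

Get-ChildItem -LiteralPath $Directory -Filter 'C-00000291*.sys' -File |
    ForEach-Object {
        $status = Get-ChannelFileStatus -File $_

        # Report every matching file with its UTC timestamp and classification.
        [pscustomobject]@{
            Name             = $_.Name
            LastWriteTimeUtc = $_.LastWriteTimeUtc.ToString('u')
            Status           = $status
        }

        # Delete only files classified as faulty; -WhatIf and -Confirm are honoured.
        if ($Remove -and $status -eq 'Faulty' -and
            $PSCmdlet.ShouldProcess($_.FullName, 'Delete faulty channel file')) {
            Remove-Item -LiteralPath $_.FullName -Force
        }
    }
```

Run it from an elevated PowerShell session in Safe Mode; pass `-Remove -WhatIf` first to see which files would be deleted, and use `-Directory` when the Windows volume is mounted under a different drive letter.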
George Kurtz, CrowdStrike’s President and CEO, assured customers that the company is actively addressing the issue and working with affected clients. He emphasized that the problem stemmed from a single content update and confirmed that it was not a security incident or cyberattack. Kurtz recommended that organizations communicate with CrowdStrike through official channels for support and updates.
Continued Issues
Despite the deployment of a fix, the fallout from the faulty update continued to affect many organizations. Large entities across various sectors reported significant disruptions. For instance, multiple 911 emergency service agencies in the U.S. and Canada faced operational challenges. Airports such as Schiphol, Melbourne, Zurich, and others experienced flight delays and cancellations, while hospitals in the Netherlands and Spain, as well as major U.S. hospitals like Bellevue and NYU Langone, also reported issues.
Television stations, including Sky News and ABC, suffered disruptions, and users globally took to forums like Reddit to express their frustrations. Reports from Australia, New Zealand, Malaysia, and other regions highlighted the extensive impact, with companies experiencing massive service downtimes and IT system failures.
While CrowdStrike has taken steps to address the immediate issue, the incident underscores the challenges of managing large-scale cybersecurity deployments. The workaround provided may mitigate some of the immediate effects, but the full recovery for affected organizations may take time. CrowdStrike’s ongoing communication and support will be crucial in helping their customers navigate this disruption and restore normal operations.