Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World

The outages could result in “millions” being lost by organizations impacted who have had to halt their operations or stop business, says Lukasz Olejnik, an independent cybersecurity consultant, who says the CrowdStrike update appears to be linked to its Falcon Sensor product. The Falcon system is part of CrowdStrike’s security tools and can block attacks on systems, according to the company.

“It reminds us about our dependence on IT and software,” Olejnik says. “When a system has several software systems maintained by various vendors, this is equivalent to placing trust on them. They may be a single point of failure—like here, when various firms feel the impact.”

The outage stemming from the CrowdStrike update has had a huge knock-on impact on public services and businesses around the world. Scores of airports are facing delays and long queues, with one passenger in India sharing a hand-written boarding pass that they have been issued. In the hours after the outages first emerged, more than 4,000 flights around the world have been canceled, although not all of them may have been directly linked to the disruption.

Within health care and emergency services, various medical providers around the world have reported issues with their Windows-linked systems, sharing news on social media or their own websites. The US Emergency Alert System, which issues hurricane warnings, said that there had been various 911 outages in a number of states. In Portland, mayor Ted Wheeler declared a city emergency as a result of some of the outages, although also said many systems were being restored. White House officials say president Joe Biden has been “briefed” on the CrowdStrike outages and his team is monitoring the situation.

Germany’s University Hospital Schleswig-Holstein said it was canceling some nonurgent surgeries at two locations. In Israel, more than a dozen hospitals have been impacted, as well as pharmacies, with reports saying ambulances have been rerouted to unimpacted medical organizations.

In the UK, NHS England has confirmed that GP appointment and patient record systems have been affected by the outages. One hospital has declared a “critical” incident after a third-party IT system it used was impacted. Also in the country, train operators have said there are delays across the network, with multiple companies being impacted.

Indicating the far-reaching nature of the disruption, the organizers of the Paris Olympics, which is due to start next week, said that its systems have been impacted in a “limited way.” According to a statement from the organizers, the affected systems are linked to the delivery of uniforms and its ticketing system hasn’t been impacted.

Among other services, CrowdStrike provides endpoint detection and response (EDR) to companies around the world. This EDR technology runs on thousands of “endpoints”—such as computers, ATMs, and internet-of-things devices—and scans them to identify real-time threats, such as malicious activity from cybercriminals. The company has more than 24,000 customers around the world.

Cybersecurity researcher Kevin Beaumont posted on X that he has seen a copy of the CrowdStrike update that was issued and says the file isn’t properly formatted and “causes Windows to crash every time.” Beaumont says, in further posts, that it appears there isn’t an automated way to fix the issues, at least currently. This may mean that impacted machines need to be manually rebooted before they can come back online, a process that could take hours or days depending on the impacted entity.

Brody Nisbet, the director of overwatch at CrowdStrike, also posted on X indicating that the workaround fix the company had issued involves booting up Windows machines into safe mode, finding a file called “C-00000291*.sys,” deleting it, and then rebooting the machine normally. “There is a fix of sorts so some devices in between BSODs should pick up the new channel file and remain stable,” Nisbet posted.

Update 7/19/24 1:35pm ET: This story has been updated with further comment from Microsoft, and additional details about the outage’s impacts.