Random Image Display on Page Reload

Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World

Jul 19, 2024 4:40 AM

Huge Microsoft Outage Caused by CrowdStrike Takes Down Computers Around the World

A software update from cybersecurity company CrowdStrike inadvertently disrupted IT systems globally—taking Windows machines offline.

Image may contain Logo and Terminal

PHOTO-ILLUSTRATION: WIRED STAFF; GETTY IMAGES

Banks, airports, TV stations, health care organizations, hotels, and countless other businesses are all facing widespread IT outages, leaving flights grounded and causing widespread disruption, after Windows machines have displayed errors worldwide.

In the early hours of Friday, companies in Australia running Microsoft’s Windows operating system started reporting devices showing Blue Screens of Death (BSODs). Shortly after, reports of disruptions started flooding in from around the world, including from the UK, India, Germany, the Netherlands, and the US: TV station Sky News went offline, and US airlines United, Delta, and American Airlines issued a “global ground stop” on all flights.

The widespread Windows outages have been linked to a software update from cybersecurity giant ​​CrowdStrike. It is believed the issues are not linked to a malicious cyberattack, cybersecurity officials say, but rather stem from a misconfigured/corrupted update that CrowdStrike pushed out to its customers.

“Earlier today, a CrowdStrike update was responsible for bringing down a number of IT systems globally," said a Microsoft spokesperson in a statement. "We are actively supporting customers to assist in their recovery.”

Engineers from CrowdStrike posted to the company’s Reddit forum that it has seen “widespread reports of BSODs on Windows hosts” occurring across its software, is working on the problem, and has advised a workaround for impacted systems. It also issued instructions to its customers in an advisory.

The incident has only impacted devices running Windows and not other operating systems. It's unclear exactly how widespread the issues are and how long they will take to resolve.

Hours after the issues started to emerge, CrowdStrike CEO George Kurtz issued a statement about the outages, saying the company has found a “defect” in an update for Windows that it issued. “This is not a security incident or cyberattack,” Kurtz said. “The issue has been identified, isolated, and a fix has been deployed.” In the statement, Kurtz confirmed that Mac and Linux hosts are not impacted by the update and said that its customers should refer to its support portal. He later apologized for the incident during a television interview.

At the same time as the CrowdStrike issues emerged, Microsoft was also dealing with its own, apparently unrelated, outage of its Azure cloud services. The company says the two incidents are not linked.

The widespread Windows outages have been linked to a software update from cybersecurity giant ​​CrowdStrike. It is believed the issues are not linked to a malicious cyberattack, cybersecurity officials say, but rather stem from a misconfigured/corrupted update that CrowdStrike pushed out to its customers.

The outages could result in “millions” being lost by organizations impacted who have had to halt their operations or stop business, says Lukasz Olejnik, an independent cybersecurity consultant, who says the CrowdStrike update appears to be linked to its Falcon Sensor product. The Falcon system is part of CrowdStrike’s security tools and can block attacks on systems, according to the company.

“It reminds us about our dependence on IT and software,” Olejnik says. “When a system has several software systems maintained by various vendors, this is equivalent to placing trust on them. They may be a single point of failure—like here, when various firms feel the impact.”

The outage stemming from the CrowdStrike update has had a huge knock-on impact on public services and businesses around the world. Scores of airports are facing delays and long queues, with one passenger in India sharing a hand-written boarding pass that they have been issued. In the hours after the outages first emerged, more than 4,000 flights around the world have been canceled, although not all of them may have been directly linked to the disruption.


Image may contain: Cutlery, Fork, Electronics, Logo, and Hardware
A defective CrowdStrike update sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible.

Within health care and emergency services, various medical providers around the world have reported issues with their Windows-linked systems, sharing news on social media or their own websites. The US Emergency Alert System, which issues hurricane warnings, said that there had been various 911 outages in a number of states. In Portland, mayor Ted Wheeler declared a city emergency as a result of some of the outages, although also said many systems were being restored. White House officials say president Joe Biden has been "briefed" on the CrowdStrike outages and his team is monitoring the situation.

Germany’s University Hospital Schleswig-Holstein said it was canceling some nonurgent surgeries at two locations. In Israel, more than a dozen hospitals have been impacted, as well as pharmacies, with reports saying ambulances have been rerouted to unimpacted medical organizations.

In the UK, NHS England has confirmed that GP appointment and patient record systems have been affected by the outages. One hospital has declared a “critical” incident after a third-party IT system it used was impacted. Also in the country, train operators have said there are delays across the network, with multiple companies being impacted.

Indicating the far-reaching nature of the disruption, the organizers of the Paris Olympics, which is due to start next week, said that its systems have been impacted in a “limited way.” According to a statement from the organizers, the affected systems are linked to the delivery of uniforms and its ticketing system hasn’t been impacted.

Among other services, CrowdStrike provides endpoint detection and response (EDR) to companies around the world. This EDR technology runs on thousands of “endpoints”—such as computers, ATMs, and internet-of-things devices—and scans them to identify real-time threats, such as malicious activity from cybercriminals. The company has more than 24,000 customers around the world.

Cybersecurity researcher Kevin Beaumont posted on X that he has seen a copy of the CrowdStrike update that was issued and says the file isn’t properly formatted and “causes Windows to crash every time.” Beaumont says, in further posts, that it appears there isn’t an automated way to fix the issues, at least currently. This may mean that impacted machines need to be manually rebooted before they can come back online, a process that could take hours or days depending on the impacted entity.

Brody Nisbet, the director of overwatch at CrowdStrike, also posted on X indicating that the workaround fix the company had issued involves booting up Windows machines into safe mode, finding a file called “C-00000291*.sys,” deleting it, and then rebooting the machine normally. “There is a fix of sorts so some devices in between BSODs should pick up the new channel file and remain stable,” Nisbet posted.

Update 7/19/24 1:35pm ET: This story has been updated with further comment from Microsoft, and additional details about the outage's impacts.

Matt Burgess is a senior writer at WIRED focused on information security, privacy, and data regulation in Europe. He graduated from the University of Sheffield with a degree in journalism and now lives in London. Send tips to Matt_Burgess@wired.com.
Senior writer

Read More

The US Wants to Integrate the Commercial Space Industry With Its Military to Prevent Cyber Attacks

As more and more infrastructure is deployed in space, the risk of cyber attacks increases. The US military wants to team up with the private sector to protect assets everyone relies on.
Sharon Lemac-Vincere

A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub

Cybersecurity researchers have spotted a 3,000-account network on GitHub that is manipulating the platform and spreading ransomware and info stealers.
Matt Burgess

How One Bad CrowdStrike Update Crashed the World’s Computers

A defective CrowdStrike update sent computers around the globe into a reboot death spiral, taking down air travel, hospitals, banks, and more with it. Here’s how that’s possible.
Lily Hay Newman

Don’t Fall for CrowdStrike Outage Scams

Swindlers are spinning up bogus websites in an attempt to dupe people with “CrowdStrike support” scams following the security firm's catastrophic software update.
Lily Hay Newman

Google Is Adding Passkey Support for Its Most Vulnerable Users

Google is bringing the password-killing “passkey” tech to its Advanced Protection Program users more than a year after rolling them out broadly.
Lily Hay Newman

Quora’s Chatbot Platform Poe Allows Users to Download Paywalled Articles on Demand

WIRED was able to download stories from publishers like The New York Times and The Atlantic using Poe’s Assistant bot. One expert calls it “prima facie copyright infringement,” which Quora disputes.
Tim Marchman

Amazon Is Investigating Perplexity Over Claims of Scraping Abuse

AWS hosted a server linked to the Bezos family- and Nvidia-backed search startup that appears to have been used to scrape the sites of major outlets, prompting an inquiry into potential rules violations.
Dhruv Mehrotra

Google Is Piloting Face Recognition for Office Security

Plus: A cloud company says notorious Russian hacker group APT29 attacked it, Chinese hackers use ransomware to hide their espionage campaigns, and a bank popular with startups discloses a cyberattack.
Lily Hay Newman

*****
Credit belongs to : www.wired.com

Check Also

A Popular iOS Illustration App Is Saying No to Generative AI

Benj Edwards, Ars Technica Business Aug 22, 2024 3:41 PM A Popular iOS Illustration App …