CrowdStrike Update Causes Global Microsoft Outage, Affecting Services and Bringing ‘Blue Screen of Death’

CrowdStrike, the endpoint security software, caused a major global outage of Microsoft services, including Windows and Office 365, following an update on Friday. The alleged issue brought the ‘blue screen of death’ (BSOD) to Windows devices across the world, with users unable to access their devices. Furthermore, the problem is also reported to have resulted in the disruption of services across information technology (IT) companies, airports, banks and other sectors. 

CrowdStrike Error: What Happened

The issue seems to have surfaced following a CrowdStrikeupdate that resulted in ‘Blue Screen of Death’ on Windows devices. The error says, “Your device ran into a problem and needs to restart”. However, restarting does not appear to solve the issue, with the device getting stuck in a boot loop.

Microsoft lists the error with the STOP code “PAGE_FAULT-IN-NONPAGED_AREA”. It is allegedly caused to due a failure of a CrowdStrike agent system file, as per the error log. 

CrowdStrike Error: Its Impact

Software status monitoring website Downdetector suggests the outage has impacted several Microsoft services, including Microsoft Store and Microsoft 365. The platform also reports that 911 emergency services in several states in the US have also been affected. According to claims on social media, the CrowdStrike update error seems to have resulted in the disruption of services across institutions such as banks, airports and IT companies.

Berlin Air suspended all flights, attributing it to a “technical problem”, a spokesperson told AFP. All check-in and flight services were cancelled until 10 am local time (1:30 pm IST). Furthermore, several US airlines, including Delta, United and American Airlines, grounded their flights, with the Federal Aviation Administration (FAA) citing a communication issue.

India’s IndiGo Airlines issued a statement informing about the impact on its services, resulting in long waiting lines while checking in and errors while booking tickets. It attributed the problem to Microsoft Azure, stating that its digital experts are working on a solution. A similar statement was also issued by Akasa Air and Indian Airlines.

Media outlets were also reported to face issues due to the global outage of Microsoft services, with the UK’s Sky News and CBBC and Australia’s ABC News being some of the ones affected. Furthermore, the London Stock Exchange (LSE), run by the LSE Group, also said it was facing an issue that prevented the RNS news service from publishing on the LSE website.

As many as three Gadgets 360 staffers were impacted by the issue.

CrowdStrike Error: Response

Update: CrowdStrike CEO George Kurtz has issued a statement informing that the root cause has been identified and patched. The company is claimed to be “actively working with customers” impacted by the outage. The CEO revealed that the error was not due to a “security incident or cyberattack” but because of a defect in a single content update for the Windows platform. It did not affect Linux or Mac devices.

CrowdStrike and Microsoft have both issued statements following the outage. Microsoft said that several “mitigation actions” were in process, while it also focussed on redirecting impacted traffic to “healthy systems”. As per a Reuters report, Microsoft acknowledged that the problem arose at 6 pm ET (3:30 am IST), with customers in its Central US area facing issues while accessing Azure services.

A Microsoft spokesperson told Gadgets 360, “We’re aware of an issue affecting Windows devices due to an update from a third-party software platform. We anticipate a resolution is forthcoming.”

In a statement hidden behind a registration wall, CrowdStrike acknowledged the issue, stating it “is aware of crash reports”. On the CrowdStrike subreddit, the moderator also published a workaround for those who are still affected by it. To resolve it, it advised users to:

1. Boot the Windows device into Safe Mode or open the Windows Recovery Environment
2. Next, navigate to the C:\Windows\System32\drivers\CrowdStrike directory
3. Find a file in the system directory matching “C-00000291*.sys”, and delete it
4. Boot the host normally

In a subsequent response, the Texas-based cybersecurity company said that the problem, related to a “Falcon Sensor” on Windows following a content deployment, has been patched and the changes reverted by its engineering teams.