CrowdStrike oopsie crashes Windows workstations across the world
CrowdStrike, one of the world’s leading cybersecurity companies, has said a “defect” rather than a security incident or cyberattack was behind a fault in one of its products that crashed a large number of Windows workstations globally.
The impact has been extremely widespread, disrupting numerous enterprises from British broadcaster Sky News, which was off air for hours on Friday morning, through to several international airlines and airports, which are canceling flights.
In a message on social media, CrowdStrike’s president and chief executive, George Kurtz, wrote the company “is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted.”
The company posted a similar statement and technical information on its website.
Kurtz stressed the issue was not a security incident or cyberattack. He said the fault “has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.
“We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers,” said Kurtz.
A significant proportion of the affected customers seemed to be enterprises running Windows 365 Cloud PCs, as these use CrowdStrike's endpoint threat detection software. Microsoft released guidance to fix the issue for both enterprise and business customers.
The disruption from the issue was expected to continue for some time. Globally, consumers complained that various retail stores and other businesses were unable to take payments.
Friday was scheduled to be the busiest day for flights in the United Kingdom since 2019, but reports suggested many travelers were facing delays and long queues at check-in, baggage and security areas.
In the U.S., the Federal Aviation Administration said it was monitoring the situation and several airlines “have requested FAA assistance with ground stops until the issue is resolved.” As of 9 a.m. Eastern U.S. time, American Airlines was waiving flight-change fees for customers traveling through several major airports.
Emergency and non-emergency call centers in Alaska were not operational early Friday, meaning people needed to dial alternative numbers instead of 911, with several other U.S. states potentially affected. Border crossings slowed between the U.S. and Canada.
Banks and hospitals were reportedly impacted in Israel. Two hospitals in Germany have had to cancel operations due to the incident, Reuters reported. Royal Surrey Hospital in London declared a critical incident, and more than a thousand general practitioner surgeries throughout the United Kingdom were expected to be affected by the outage.
The White House told reporters that President Biden had been briefed on the situation, and “his team is in touch with CrowdStrike and impacted entities.”
Endless boot loop
The first signs of the incident were spotted on Friday morning in Australia, when workstations were found to be stuck in an endless boot loop, displaying the “blue screen of death” critical error message.
The fault has been linked to a misconfigured .sys file pushed by CrowdStrike to customer devices running the Falcon endpoint sensor.
While the misconfigured file was automatically propagated to endpoint devices, there is no way to similarly automate the fix for crashed computers. IT staff will have to manually restart each workstation in safe mode and remove the offending software.
A workaround was shared on CrowdStrike’s internal customer support forum and published on Reddit. Individuals at organizations who tested the workaround told Recorded Future News that it seemed to work, although it may not be effective in all scenarios.
Shares in CrowdStrike, which is listed on the Nasdaq, were down more than 19% in pre-market trading.
Editor’s Note: Coverage will be updated as more information becomes available.
Martin Matishak and Joe Warminsky contributed to this story.
Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.