A global tech outage has grounded airlines, knocked news channels off the air, brought banks offline and interfered with 911 operators as workers around the world woke up on Friday and found they couldn’t boot up their computers.
The reason for the outage is a single software update originating from cybersecurity firm CrowdStrike. The faulty update has caused some computers running Windows to experience the Blue Screen of Death. In other words, instead of booting up as normal, affected computers are crashing. The update did not impact computers running Mac or Linux.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” wrote CrowdStrike CEO George Kurtz in an X post Friday morning. “This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.”
While Kurtz said that a fix has been deployed for the bug, it doesn’t look like the outage will be resolved soon.
Get daily National news
“It could be some time for some systems that won’t automatically recover, but it is our mission to make sure every customer is fully recovered,” Kurtz said in an interview with on NBC’s Today Show.
Kurtz also apologized for the outage: “We’re deeply sorry for the impact that we’ve caused.”
What is CrowdStrike?
For those unfamiliar with CrowdStrike, it may come as quite a shock that one company’s software update could bring the digital world to its knees.
CrowdStrike is one of the largest cybersecurity companies in world and it develops software to help companies detect and prevent hacks. The company’s software is widely used by Fortune 500 companies and businesses around the globe for managing the security of devices operating on Windows.
Even if a business isn’t using the CrowdStrike security platform, their operations may still be affected by this outage. Businesses operating online often use other digital tools to help run their day-to-day. If the companies providing those digital tools are running CrowdStrike software, all of their clients could be affected.
How did the outage happen?
- Wildfire near Spences Bridge sparks ‘tactical evacuations,’ new fires flare in Kootenays
- Vancouver team caring for 2nd orphan sea otter pup found near Tofino
- Group in charge of Google’s $100M for news outlets lays out its governance model
- B.C.-made material to be used by Max Space, NASA for habitats on moon
The company’s popular Falcon Sensor software appears to be the origin of the issue. Falcon is an antivirus platform used to secure “endpoints” like laptops, servers, mobile devices and point-of-sale systems. In order to monitor these endpoints for malicious software and suspicious activity, CrowdStrike software has deep-level access to the device’s operating system.
This is known as kernel-level access, referring to the core level of a computer’s operating system that facilitates interactions between software and hardware. Cybersecurity software often needs this highly privileged access so that it can access any part of a computer’s system that hackers may target.
The update that CrowdStrike pushed appears to have impacted the kernel-level driver that CrowdStrike uses to monitor devices for malware, according to IT analysts. The faulty code appears to be interacting with the Windows operating system and causing computers to crash.
These affected devices then get stuck in a cycle called boot looping, in which the computer fails to complete its regular boot up sequence and then reboots in a seemingly endless cycle.
What’s the solution?
CrowdStrike says it has deployed a patch to fix the faulty software update but that won’t immediately resolve the outage.
This is because the computers impacted by the outage cannot boot up and get online to receive the fix. Instead, IT admins around the world will have to physically go into a machine’s system and delete the faulty driver.
CrowdStrike provided the following workaround steps:
- Boot Windows into Safe Mode or the Windows Recovery Environment
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
- Locate the file matching “C-00000291*.sys”, and delete it.
- Boot the host normally.
Others have found success in simply rebooting affected computers over and over again, in the hopes the CrowdStrike update gets pushed through the network before the machine hits the Blue Screen of Death.
Comments