A software problem at cybersecurity provider CrowdStrike is believed to be the cause of a global IT outage that caused thousands of Microsoft Windows computer systems to malfunction.
The outage caused widespread disruption around the world, grounding flights, halting financial services and forcing broadcaster Sky News to suspend live programming.
What happened?
Early Friday morning (July 19), a large number of Windows devices began crashing and displaying blue screen (BSOD) errors to users.
CrowdStrike is believed to be linked to the outage, and the company acknowledged issues with its flagship product, Falcon, shortly after the system outage became public. Here’s what you need to know about the company believed to be the source of the global tech outage.
What is CrowdStrike?
Ryanair was one of many companies affected by the global IT outage (Nicholas T Ansell/PA)
US-based CrowdStrike is one of the world’s most popular cybersecurity providers, with a market capitalisation of $83.48bn (£64.62bn).
To give an idea of the company’s scale, CrowdStrike says it had 29,000 subscribers globally at the end of 2023, with over 580 customers conducting transactions worth $1m (£774,000).
CrowdStrike’s flagship product is Falcon, a cloud-based software designed to stop hackers from getting onto work computers. It’s like a little security guard that sits on your computer, constantly watching for suspicious activity and sending that information to CrowdStrike’s command center in the cloud for analysis using AI.
When a threat is detected, Falcon can respond immediately by quarantining infected files or devices, blocking access to dangerous websites or networks, and terminating malicious processes.
What is CrowdStrike saying about the outage?
CrowdStrike said on Friday that the service issues were caused by a “faulty channel file,” after initially confirming the error on Windows devices.
The announcement comes after numerous reports of a glitch in an update released by the company causing problems for Windows PCs around the world, shutting down airports, banks and supermarkets.
Computers affected by this change are experiencing blue screen errors, meaning that the computer is trying to restart but is effectively unable to do so, rendering it unusable.
Brody Nisbet, director of threat hunting at CrowdStrike, said on X (formerly Twitter) that “the channel file is flawed, so this is not a complete update.”
This explanation suggests that rather than a faulty update across the board, which occurs when a new version of the software has bugs or issues, certain files that govern how the software communicates and gets updates were corrupted or misconfigured.
The error has apparently been fixed by the company, but “it’s still in our systems and will take some time to be resolved,” said James Davenport, Hebron Medlock Professor of Information Technology at the University of Bath.
What do authorities say?
The outage was first reported in Australia, where the country’s national cyber security coordinator issued a statement on X, saying they were aware of a major technical outage affecting a number of companies and services.
We are aware of a major technical outage this afternoon affecting many businesses and services across Australia.
According to current information, the outage is related to a technical issue with a third-party software platform employed by the affected companies.
— National Cyber Security Coordinator (@AUCyberSecCoord) July 19, 2024
“Current information indicates that the outage is related to a technical issue with a third-party software platform used by the affected company,” the statement said.
What are the experts saying about the outage?
More broadly, experts are all but certain that the global outage was not the result of a cyberattack. Still, they say the scale of the problem is unprecedented, due in large part to the widespread use of CrowdStrike Falcon and its sophisticated control over Windows PCs.
“This software is so prevalent on many, if not all, machines of a particular type that a flaw in the security software could take down many computers at once,” said Prof McDiarmid, from the University of York’s Institute for Secure Autonomy.
“Falcon is a highly privileged piece of software in that it can affect the behavior of the computer it is installed on,” said Associate Professor Toby Murray, from the University of Melbourne’s School of Computing and Information Systems.
“CrowdStrike is a very large company and many businesses and organisations use them for threat detection and prevention, so this has become a global phenomenon,” said Dave Parry, dean and professor of IT at Murdoch University in Perth, Australia.
Professor Parry continued: “This issue will affect many, many machines around the world. This is not a cyber attack, it’s simply the interaction of two pieces of software.”
What to do if your Windows PC is down?
Wondering how to fix a broken PC? CrowdStrike’s Nisbet posted a partial workaround that’s doable if you have some IT skills.
The channel file is faulty and has not been fully updated.
There is a workaround…
1. Boot Windows into Safe Mode or WRE.
2. Navigate to C:\Windows\System32\drivers\CrowdStrike
3. Find files matching “C-00000291*.sys” and delete them.
4. Boot normally.
1/2
— Brody (@brody_n77) July 19, 2024
The solution, which involves deleting a specific file on the affected computer, is as follows:
1. Start Windows in Safe Mode or Windows Recovery Environment
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
3. Find files matching “C-00000291*.sys” and delete them.
4. Boot the host normally.
However, Professor Davenport warned that affected users should not reboot or restart their machines until they have received word from both CrowdStrike and Microsoft that there is no problem, adding that “statements that ‘the issue is resolved’ should not be taken at face value.”
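Steps 2 and 3 of the workaround above, scripted as an added example (not code from CrowdStrike, Microsoft or the original article): it lists the matching channel files, records their names and hashes, and deletes them only when asked. It assumes an elevated PowerShell session in Safe Mode and that Windows is on C:; the parameter names, the `-Apply` switch and the log path are this script's own.

```powershell
# Added example: dry run by default, deletes only with -Apply.
[CmdletBinding()]
param(
    # Assumption: the Windows volume is C:. Pass another path if it is mounted elsewhere.
    [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
    [string]$Pattern   = 'C-00000291*.sys',
    # Hypothetical log location, used to keep a record of what was removed.
    [string]$LogPath   = "$env:TEMP\channel-file-cleanup.csv",
    [switch]$Apply
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Warning "Directory not found: $DriverDir"
    exit 2
}

# -File keeps directories out of the result. The second -like check guards against
# the looser matching that -Filter can apply (short names, longer extensions).
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force |
             Where-Object { $_.Name -like $Pattern })

if ($targets.Count -eq 0) {
    Write-Output "No files matching $Pattern in $DriverDir; nothing to do."
    exit 0
}

# Record name, size, timestamp and hash before touching anything.
$records = foreach ($f in $targets) {
    [pscustomobject]@{
        Name         = $f.Name
        Length       = $f.Length
        LastWriteUtc = $f.LastWriteTimeUtc.ToString('o')
        SHA256       = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}
$records | Format-Table -AutoSize
$records | Export-Csv -LiteralPath $LogPath -NoTypeInformation -Append

if (-not $Apply) {
    Write-Output "Dry run: $($targets.Count) file(s) would be deleted. Re-run with -Apply."
    exit 0
}

foreach ($f in $targets) {
    Remove-Item -LiteralPath $f.FullName -Force
    Write-Output "Deleted $($f.FullName)"
}
Write-Output "Record written to $LogPath. Boot the host normally (step 4)."
```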