A recent software update from cybersecurity company CrowdStrike has caused widespread IT system disruptions across numerous critical sectors worldwide. Banks, airports, TV stations, healthcare organizations, hotels, and various other businesses are grappling with significant outages, resulting in grounded flights and considerable operational chaos.
In the early hours of Friday, companies in Australia running Microsoft’s Windows operating system began reporting Blue Screen of Death (BSOD) errors on their devices. Shortly after, similar reports started pouring in from around the world, including the UK, India, Germany, the Netherlands, and the US. Notably, TV station Sky News went offline, and US airlines United, Delta, and American Airlines issued a “global ground stop” on all flights.
The root of these widespread outages has been traced to a software update from cybersecurity giant CrowdStrike. According to cybersecurity officials, the issues are not linked to a cyberattack but stem from a misconfigured or corrupted update that CrowdStrike pushed out to its customers. Engineers from CrowdStrike acknowledged on the company’s Reddit forum that they have received widespread reports of BSODs on Windows hosts. They are actively working on the problem and have advised a workaround for affected systems, along with issuing detailed instructions to their customers.
So far, the incident appears to impact only devices running Windows, with other operating systems like Mac and Linux remaining unaffected. The exact scope of the disruption and the timeline for a complete resolution are still unclear. CrowdStrike CEO George Kurtz has issued a statement confirming that the issue is due to a defect in a Windows update and offering reassurance that it is not a security incident or cyberattack. He also mentioned that the problem has been identified and isolated, and that a fix has been deployed.
A Microsoft spokesperson also stated that the company is aware of the issues linked to Windows devices and believes a resolution is forthcoming. Concurrently, Microsoft was dealing with an unrelated outage of its Azure cloud services.
The financial impact of these outages could be substantial, with potentially millions lost by affected organizations that have had to halt their operations.
The outage caused by the CrowdStrike update has had significant ripple effects on public services and businesses globally. Airports are facing major delays and ground stops, with passengers in India even receiving hand-written boarding passes. Thousands of flights have been canceled worldwide. In the healthcare sector, various providers have reported issues with their Windows-linked systems, leading to disruptions in emergency services and routine medical procedures. For instance, Germany’s University Hospital Schleswig-Holstein had to cancel some non-urgent surgeries, and in Israel, hospitals and pharmacies have been affected, with ambulances being rerouted.
In the UK, NHS England confirmed that GP appointment and patient record systems have been impacted, with one hospital declaring a “critical” incident. Train operators in the country also reported delays across the network.
The disruption has even reached the organizers of the Paris Olympics, set to start next week. They reported limited impact on their systems, primarily affecting the delivery of uniforms, while the ticketing system remains operational.
CrowdStrike, known for its endpoint detection and response (EDR) technology, has over 24,000 customers worldwide. This EDR technology scans thousands of endpoints—such as computers, ATMs (not ours ;), and internet-of-things devices—for real-time threats. Cybersecurity researcher Kevin Beaumont posted on X that the CrowdStrike update file wasn’t properly formatted, causing Windows to crash repeatedly. Beaumont noted that there isn’t currently an automated fix, meaning affected machines might need manual rebooting, which could take hours or days depending on the entity.
CrowdStrike’s director of overwatch, Brody Nisbet, provided a workaround on X, advising users to boot Windows machines into safe mode, delete a specific file named “C-00000291*.sys,” and then reboot the machine normally.
Byte Federal was not affected and experienced no downtime.