Banks, airports, TV stations, hotels, and countless other businesses are all facing widespread IT outages, leaving flights grounded and causing widespread disruption, after Windows machines have displayed errors worldwide.
In the early hours of Friday, companies in Australia running Microsoft’s Windows operating system started reporting devices showing Blue Screens of Death (BSODs). Shortly after, reports of disruptions started flooding in from around the world, including from the UK, India, Germany, the Netherlands, and the US: TV station Sky News went offline, and US airlines United, Delta, and American Airlines issued a “global ground stop” on all flights.
The widespread Windows outages have been linked to a software update from cybersecurity giant CrowdStrike. It is not believed the issues are linked to a malicious cyberattack, cybersecurity officials say, but stem from a misconfigured/corrupted update that CrowdStrike pushed out to its customers.
Engineers from CrowdStrike posted to the company’s Reddit forum that it has seen “widespread reports of BSODs on Windows hosts” occurring across its software, is working on the problem, and has advised a workaround for impacted systems. It also issued instructions to its customers in an advisory.
The incident, so far, appears to only be impacting devices running Windows and not other operating systems. It is unclear exactly how widespread the issues are and how long they will take to resolve. Microsoft and CrowdStrike did not immediately respond to WIRED’s requests for comment on the outage.
Hours after the issues started to emerge, CrowdStrike CEO George Kurtz issued a statement about the outages, saying the company has found a “defect” in an update for Windows that it issued. “This is not a security incident or cyberattack,” Kurtz said. “The issue has been identified, isolated, and a fix has been deployed.” In the statement, Kurtz confirmed that Mac and Linux hosts are not impacted by the update and said that its customers should refer to its support portal.
A Microsoft spokesperson also issued a statement saying it is aware of the problems linked to Windows devices and the company believes a “resolution is forthcoming.”
The outages could result in “millions” being lost by organizations impacted who have had to halt their operations or stop business, says Lukasz Olejnik, an independent cybersecurity consultant, who says the CrowdStrike update appears to be linked to its Falcon Sensor product. The Falcon system is part of CrowdStrike’s security tools and can block attacks on systems, according to the company.
“It reminds us about our dependence on IT and software,” Olejnik says. “When a system has several software systems maintained by various vendors, this is equivalent to placing trust on them. They may be a single point of failure—like here, when various firms feel the impact.”
The outage stemming from the CrowdStrike update has had a huge knock-on impact on public services and businesses around the world. Scores of airports are facing delays and long queues, with one passenger in India sharing a hand-written boarding pass that they have been issued.
In the UK, NHS England has confirmed that GP appointment and patient record systems have been impacted by the outages. Also in the country, train operators have said there are delays across the network, with multiple companies being impacted.
Among other services, CrowdStrike provides endpoint detection and response (EDR) to companies around the world. This EDR technology runs on thousands of “endpoints”—such as computers, ATMs, and internet of things devices—and scans them to identify real-time threats, such as malicious activity from cybercriminals. The company has more than 24,000 customers around the world.
Cybersecurity researcher Kevin Beaumont posted on X that he has seen a copy of the CrowdStrike update that was issued and says the file isn’t properly formatted and “causes Windows to crash every time.” Beaumont says, in further posts, that it appears there isn’t an automated way to fix the issues, at least currently.
Brody Nisbet, the director of overwatch at CrowdStrike, also posted on X indicating the workaround fix the company had issued involves booting up Windows machines into safe mode, finding a file called “C-00000291*.sys,” deleting it, and then rebooting the machine normally. “There is a fix of sorts so some devices in between BSODs should pick up the new channel file and remain stable,” Nisbet posted.
This is a developing story and is being updated with new information.
Source : Wired