A software issue with cybersecurity provider CrowdStrike is believed to be behind a global IT outage that has crippled thousands of Microsoft Windows computer systems.
The fault has caused widespread disruption around the world, grounding flights, shutting down financial services, and forcing broadcaster Sky News to pause its live programming.
What happened?
In the early hours of Friday morning (July 19), scores of Windows devices started crashing and showing users a blue screen of death (BSOD) error.
CrowdStrike has been linked to the outage, with the firm acknowledging a problem with its flagship product Falcon shortly after the system failure came to light. Here’s what you need to know about the company thought to be the culprit behind the global tech outage.
What is CrowdStrike?
US-based CrowdStrike is one of the world’s most popular cybersecurity providers with a market cap of $83.48bn (£64.62bn).
To give you an idea of just how big the firm is, CrowdStrike said it had 29,000 subscribers worldwide at the end of 2023, including more than 580 patrons with deals worth $1m (£774,000).
CrowdStrike’s main product is Falcon, which is a cloud-based software built to keep hackers out of your work computer. Think of it like a tiny guard installed inside your computer that constantly keeps watch for suspicious activity and beams this info back to CrowdStrike’s command centre in the cloud to analyse using AI.
If a threat is detected, Falcon can take immediate action by quarantining infected files or devices, blocking access to dodgy websites or networks, or terminating any malicious processes.
What has CrowdStrike said about the outage?
On Friday, CrowdStrike said a “faulty channel file” was to blame for issues with its service after initially confirming the errors on Windows devices.
The announcement followed numerous reports claiming a botched update released by the firm had buckled Windows PCs worldwide, knocking out airports, banks and supermarkets in its wake.
Computers affected by the change have been getting a blue screen error, which means they are trying to reboot but effectively can’t and so are rendered useless.
CrowdStrike’s director of threat hunting Brody Nisbet said on X (formerly Twitter): “There is a faulty channel file, so not quite an update.”
The clarification suggests that a specific file responsible for how the software communicates and gets updates was broken or misconfigured, rather than a wholesale faulty update, which is when a new version of a software has bugs or issues.
Although the error has apparently now been fixed by the company, “it is still in the system, and will take time to flush through,” according to James Davenport, Hebron and Medlock professor of information technology, University of Bath.
What have authorities said?
The disruption was first reported in Australia, and the country’s national cyber security co-ordinator has put out a statement on X, saying it was aware of a large-scale technical outage affecting a number of companies and services.
I am aware of a large-scale technical outage affecting a number of companies and services across Australia this afternoon.
Our current information is this outage relates to a technical issue with a third-party software platform employed by affected companies.
— National Cyber Security Coordinator (@AUCyberSecCoord) July 19, 2024
“Our current information is this outage relates to a technical issue with a third-party software platform employed by affected companies,” the statement reads.
What do experts say at the outage?
More broadly, experts are largely convinced the global outage isn’t due to a cyberattack. Still, they say that the scale of the issue is unprecedented, mainly because of the ubiquity of CrowdStrike Falcon and its high-level control over Windows PCs.
“Such software is pervasive – on many if not all machines of a particular type – so a fault in the security software can bring down many computers at once,” said Professor McDermid, of the Institute for Safe Autonomy, University of York.
“Falcon is a pretty privileged piece of software in that it is able to influence how the computers it is installed on behave,” said Toby Murray, an associate professor at the School of Computing and Information Systems at The University of Melbourne.
“This has become a global phenomenon because CrowdStrike is a very large company, and a lot of companies and organisations use them to detect and protect against threats,” said Dave Parry, a dean and professor in the School of IT at Murdoch University in Perth, Australia.
Prof Parry continued: “The issue will affect very, very large numbers of machines around the world. It’s not a cyber attack, but it’s just an interaction of the two pieces of software.”
What to do if your Windows PC is down?
Wondering how to fix your malfunctioning PC? CrowdStrike’s Nisbet has posted a partial workaround that could do the trick, as long as you have the IT skills to implement it.
There is a faulty channel file, so not quite an update.
There is a workaround…
1. Boot Windows into Safe Mode or WRE.
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Locate and delete file matching “C-00000291*.sys”
4. Boot normally.1/2
— Brody (@brody_n77) July 19, 2024
The solution, which involves deleting a specific file on affected computers, is as follows:
1. Boot Windows into Safe Mode or the Windows Recovery Environment
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
3. Locate the file matching “C-00000291*.sys” and delete it.
4. Boot the host normally.
However, Prof Davenport warns impacted users shouldn’t reboot or restart their machines until they get the all-clear from both CrowdStrike and Microsoft, adding, “Do not accept ‘it’s gone away’ statements.”
