CrowdStrike Outage – What Happened To Windows

Has your Windows computer suddenly crashed and refused to restart? You might have been caught in the recent CrowdStrike outage that caused major disruptions worldwide.

Here’s what happened during the outage and why it affected so many Windows users. In case you’ve been hit by this outage, we’ll also guide you through simple steps to get your computer back up and running. 

What Is CrowdStrike?

CrowdStrike is a cybersecurity company that protects computers and networks from cyber attacks. According to their website, they protect the most vulnerable areas that hackers target—your devices, cloud storage, personal information, and sensitive data—to help users stay one step ahead of cybercriminals and prevent security breaches.

On July 18, 2024, a routine update from CrowdStrike triggered an unexpected chain reaction. This event, called the CrowdStrike outage, has affected more than 8.5 million Windows devices across the globe.

What Happened To Windows During The CrowdStrike Falcon Outage?

During the CrowdStrike outage, millions of Windows devices crashed unexpectedly because of an update to the CrowdStrike Falcon Sensor. Other operating systems, like Mac and Linux, didn’t have any issues.

Users reported seeing the infamous “Blue Screen of Death” (BSOD), a dreaded sight for any Windows user. The outage also caused disruptions to corporate networks and essential services, which left many businesses and individuals scrambling to find solutions. This glitch is especially harrowing since it will likely impact 82% of U.S. state governments using CrowdStrike. 

In his LinkedIn post, CrowdStrike’s CEO, George Kurtz, apologized for the outage. The company promised to make major improvements in how it tests and releases software updates to avoid causing problems for so many customers in the future.

What Companies Are Affected By The CrowdStrike Outage?

According to a recent report by Parametrix, the global IT outage caused by CrowdStrike’s faulty software update is expected to have a huge financial impact on Fortune 500 companies, excluding Microsoft. The report estimates these companies will face at least $5.4 billion in direct financial losses due to the outage.

Cyber insurance is expected to cover only a small portion (10-20%) of the losses caused by the recent outage due to limited coverage. Early estimates suggest the cyber insurance industry may face losses between $400 million and $1.5 billion. 

That said, any business with valuable data is vulnerable to corruption, malfunction, theft, or ransomware, which makes cyber insurance a necessary part of any business.

So, who are the companies affected by this global glitch? Some of the affected industries include:

  • Airlines: Major airlines like American Airlines, Delta Air Lines, and United Airlines experienced disruptions, including flight cancellations and delays, due to the outage affecting their systems for check-in, aircraft weight calculations, and other critical operations.  
  • Healthcare: Hospitals and healthcare providers faced glitches in their record systems, appointment scheduling, and even some medical procedures, as the outage impacted their IT infrastructure.  
  • Finance: Banks and financial institutions were also affected, experiencing issues with their online banking services and other digital operations.  
  • Other Industries: The outage also affected a wide range of other industries, including retail, manufacturing, and transportation, as many businesses rely on Microsoft systems and services for their day-to-day operations. 

In a statement from Microsoft’s Vice President of Enterprise and OS Security, David Weston, the outage affected only a small fraction (less than 1%) of Windows devices. But, “the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services.”

How Do You Recover From The Windows Blue Screen of Death?

Encountering the dreaded Blue Screen of Death (BSOD) on your Windows device can be frustrating. 

At 2Secure Corp, we recommend a few troubleshooting steps to resolve this issue: 

1. Rebooting and Network Connection

  • Reboot the device: Ensure the device is connected to the network, preferably via Ethernet, to download the reverted channel file.
  • Multiple reboots: In some cases, multiple reboots might be required to fully implement the fix.

2. Safe Mode and Manual Deletion

  • Boot into Safe Mode or Windows Recovery Environment: If the device continues to crash, boot into Safe Mode or the Windows Recovery Environment.
  • Delete specific files: Navigate to the directory %windir%\System32\drivers\CrowdStrike\ and delete any .sys file beginning with C-00000291- and with a timestamp around 04:09 UTC.

3. BitLocker Recovery

  • BitLocker considerations: If BitLocker disk encryption is enabled, you will need the 48-character alphanumeric BitLocker recovery key. This key is unique to each system.
  • Manual input: Enter the recovery key manually when prompted during the reboot process.

4. Restore Backup

  • Restore a pre-update backup: If the above steps do not resolve the issue, restore a system backup from before July 18, 2024.

5. Update and Fix Deployment

  • Ensure system updates: Verify that the latest CrowdStrike updates and fixes have been deployed. CrowdStrike has provided a hotfix addressing the issue, scheduled for general availability by August 9, 2024.

If none of these steps resolve the issue, you might need to consider more advanced options like system restore or even a new Windows installation.

FAQ 

What Did The CrowdStrike Outage Affect?

The CrowdStrike outage affected many big companies like airlines, hospitals, banks, and others that use CrowdStrike software. It caused problems with their computer systems, leading to disruptions in their services.

Why Did CrowdStrike Fail?

The issue stemmed from a mismatch in the number of data fields expected by the sensor’s Content Interpreter, causing an out-of-bounds memory read that resulted in system crashes.

This update introduced a new template type that was supposed to handle 21 input fields, but the faulty version contained only 20. This discrepancy was not detected during testing because the tests used a wildcard matching criterion, which masked the issue.
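
The following C sketch is an added example, not CrowdStrike's code or part of the original article. It models why a wildcard in the 21st criterion hides a 20-versus-21 field mismatch from a test, and how a count check at load time catches it regardless of the criteria. The function names, the criteria layout and the sample values are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DEFINED_FIELDS  21  /* input fields the template type defines (per the article) */
#define SUPPLIED_FIELDS 20  /* input fields the faulty version actually supplied */

/* Index of the last input a matcher dereferences, or -1 if it reads none.
 * A "*" criterion matches anything, so the input behind it is never read. */
static int last_input_read(const char *const criteria[], int n)
{
    int last = -1;
    for (int i = 0; i < n; i++)
        if (strcmp(criteria[i], "*") != 0)
            last = i;
    return last;
}

/* 1 if evaluating these criteria would read past the supplied inputs. */
static int would_read_out_of_bounds(const char *const criteria[], int n, int supplied)
{
    return last_input_read(criteria, n) >= supplied;
}

/* Load-time check that ignores criteria content entirely:
 * content is acceptable only if defined and supplied counts agree. */
static int counts_consistent(int defined, int supplied)
{
    return defined == supplied;
}

/* Constructed sample criteria; field21 is the criterion for the 21st field. */
static void fill(const char *c[], const char *field21)
{
    c[0] = "example.exe";
    for (int i = 1; i < DEFINED_FIELDS - 1; i++)
        c[i] = "*";
    c[DEFINED_FIELDS - 1] = field21;
}

int main(void)
{
    const char *wild[DEFINED_FIELDS], *concrete[DEFINED_FIELDS];
    fill(wild, "*");              /* wildcard in field 21, as the tests used */
    fill(concrete, "some-value"); /* assumed non-wildcard criterion in field 21 */
    printf("wildcard OOB: %d\n", would_read_out_of_bounds(wild, DEFINED_FIELDS, SUPPLIED_FIELDS));
    printf("concrete OOB: %d\n", would_read_out_of_bounds(concrete, DEFINED_FIELDS, SUPPLIED_FIELDS));
    printf("count check:  %d\n", counts_consistent(DEFINED_FIELDS, SUPPLIED_FIELDS));
    return 0;
}
```

The wildcard case reports no out-of-bounds read while the count check still fails, which is the gap between what the tests exercised and what a structural validation would have rejected.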

What Was The Cause Of The Microsoft Outage?

The recent Microsoft outage was not directly caused by Microsoft itself. A faulty software update from CrowdStrike, a cybersecurity company, affected some Windows computers and disrupted various services that relied on them.

Was The CrowdStrike Outage A Cyber Attack?

No, the CrowdStrike outage was not a cyber attack but a faulty software update. If your company experiences data breaches or cyber attacks, 2Secure Corp’s cybersecurity consulting services can help investigate, recover data, and strengthen your security to prevent future incidents.
