Key Takeaways:
- A recent CrowdStrike update has caused Blue Screen of Death (BSOD) errors on thousands of Windows machines, affecting critical sectors like airlines, banks, and emergency services globally.
- CrowdStrike has identified the problem, reverted the faulty update, and provided a workaround for affected Windows devices.
- The incident led to a significant drop of over 19% in CrowdStrike’s share price in premarket trading.
Cybersecurity provider CrowdStrike has acknowledged that a recent update is causing Blue Screen of Death (BSOD) errors on thousands of Windows machines globally. This outage has significantly disrupted organizations across diverse sectors, including airlines, banks, railway networks, news organizations, and emergency services.
CrowdStrike is a cybersecurity technology company that provides cloud-delivered protection against security threats. The company was founded in 2011 and is known for its endpoint security, threat intelligence, and cyberattack response services.
Essentially, CrowdStrike’s flagship product (called the Falcon platform) uses artificial intelligence (AI) to detect, prevent, and respond to security incidents in real time. CrowdStrike’s services are designed to help organizations protect their IT infrastructure by monitoring and analyzing security data, identifying vulnerabilities, and providing automated responses to potential threats.
The issue was first noticed by Australian banks, airlines, and TV broadcasters and has since spread to businesses in Europe and other parts of the world. In the UK, the BSOD bug is disrupting services at the London Stock Exchange, Ryanair, and Edinburgh Airport. Additionally, airports in Berlin, Schiphol, and other locations are experiencing massive delays and flight suspensions.
CrowdStrike has identified the issue and confirmed receiving widespread reports of crashes linked to a faulty update to CrowdStrike Falcon Sensor software. This is a module in the Falcon platform that uses sensor data to detect vulnerabilities and threats within a system. Microsoft has since reverted the faulty update, but this action does not resolve the problem for Windows devices that have already been affected.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed,” wrote George Kurtz, President and CEO of CrowdStrike, in a post on X (formerly Twitter).
CrowdStrike recommends that customers check its support portal and website for the latest updates. “We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers,” Kurtz added.
Fortunately, CrowdStrike has provided a temporary workaround to help customers resolve the issue on Windows machines affected by the botched update. The company says that users can uninstall the faulty update by following these steps:
Additionally, two other workarounds may work for users who are still experiencing BSOD errors on their computers.
System administrators report that fixing this issue is challenging because each machine requires a physical USB stick boot update. Moreover, remote updates are impossible since the machines cannot connect to the internet. “We have hundreds of Windows servers and thousands of Windows workstations affected by this,” a sysadmin wrote in a Reddit thread.
According to CNBC, CrowdStrike’s share price dropped by more than 19% in U.S. premarket trading. Notably, CrowdStrike’s market capitalization was $83.48 billion at the close of the market on Thursday. Meanwhile, Microsoft’s shares saw a 2.5% decline due to issues with its Azure cloud services and Microsoft 365 apps.
Update 04:58 PDT: In an interview with CNBC, George Kurtz has apologized for the service disruption triggered by the recent CrowdStrike update.
Update 05:49 PDT: Microsoft says that customers running Windows Client/Server virtual machines (VMs) will need to reboot their machines up to 15 times to fix this problem. “We have received reports of successful recovery from some customers attempting multiple Virtual Machine restart operations on affected Virtual Machines. Customers can attempt to do so as follows:
We’ve received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage.”