Global Outage of Microsoft Services Linked to CrowdStrike Update
A major global outage of Microsoft services, including Windows and Office 365, has been linked to an update from CrowdStrike, an endpoint security software provider. The issue, which surfaced on Friday, resulted in the notorious ‘blue screen of death’ (BSOD) on Windows devices worldwide, leaving many users unable to access their systems.
CrowdStrike Update Triggers Widespread Issues
The problems began following a CrowdStrike update that caused Windows devices to display the error message, “Your device ran into a problem and needs to restart,” leading to an endless boot loop. Microsoft identified the error with the STOP code “PAGE_FAULT_IN_NONPAGED_AREA,” attributed to a failure in a CrowdStrike agent system file, as indicated by the error logs.
Impact of the Outage
The outage’s effects were far-reaching, impacting several Microsoft services such as the Microsoft Store and Microsoft 365, according to Downdetector. The disruption extended to critical services like 911 emergency systems in various US states, banks, airports, and IT companies globally.
Berlin Air had to suspend all flights, canceling check-ins and flight services until 10 am local time. Major US airlines, including Delta, United, and American Airlines, also grounded their flights due to a communication issue reported by the Federal Aviation Administration (FAA).
In India, airlines like IndiGo, Akasa Air, and Indian Airlines reported disruptions in their services, leading to long queues and booking errors. These companies attributed the issues to Microsoft’s Azure platform and assured customers that their digital experts were working on a resolution.
Media outlets such as the UK’s Sky News, CBBC, and Australia’s ABC News faced interruptions, while the London Stock Exchange (LSE) reported issues that prevented the RNS news service from publishing on its website.
Response from CrowdStrike and Microsoft
CrowdStrike’s CEO, George Kurtz, issued a statement confirming that the root cause had been identified and patched. Kurtz emphasized that the error was due to a defect in a content update for Windows and was not related to a security incident or cyberattack. The company is actively working with affected customers to resolve the issue. Kurtz clarified that the issue did not affect Linux or Mac devices.
Microsoft acknowledged the problem, which began at 6 pm ET, affecting customers primarily in the Central US area. The company stated that several mitigation actions were in progress, focusing on redirecting impacted traffic to healthy systems.
A Microsoft spokesperson assured customers, “We’re aware of an issue affecting Windows devices due to an update from a third-party software platform. We anticipate a resolution is forthcoming.”
Workaround and Solution
CrowdStrike advised users still experiencing issues to boot their Windows devices into Safe Mode or the Windows Recovery Environment, navigate to the C:\Windows\System32\drivers\CrowdStrike directory, find the file matching “C-00000291*.sys,” and delete it before booting the host normally.
In a subsequent update, CrowdStrike confirmed that the problem related to a “Falcon Sensor” on Windows had been patched, and the changes were reverted by their engineering teams.
As the global tech community continues to recover from the disruptions, both CrowdStrike and Microsoft are closely monitoring the situation to ensure that such incidents are prevented in the future.
Also read: Mercenary Spyware: Threats and Safeguards