What Does CrowdStrike Do? Here's What You Need to Know About Microsoft's Cybersecurity Provider, Which Is Behind the Global IT Outage

  • CrowdStrike, a cybersecurity company working with Azure, is potentially to blame for the Internet going down worldwide.

  • Falcon, one of Windows' protection systems, has failed after an update.


Major airlines worldwide are experiencing an IT outage, as are various large companies that rely on Windows, including banks and emergency systems. This is due to an incident involving CrowdStrike, a leading cloud-based cybersecurity platform.

CrowdStrike, founded in 2011 by George Kurtz (a former McAfee CTO), has grown to become one of the world’s most widely used cybersecurity companies, serving over 29,000 customers. Headquartered in Texas, CrowdStrike has achieved significant milestones, including detecting the Sony Pictures hack in 2014 and identifying cyber-attacks on the Democratic Party between 2015 and 2016.

What’s CrowdStrike and How Does It Relate to the Microsoft Cloud?

CrowdStrike detects and prevents possible cyber attacks, helping the companies it works with avoid critical damage.

One of the companies that works with CrowdStrike is Microsoft, which has confirmed that an incident with its platforms is due to a problem with CrowdStrike.

To be precise, the incident is related to one of CrowdStrike's main tools: CrowdStrike Falcon Cloud Security, a solution for “stop[ping] breaches from code to cloud.”

Falcon is one of the protection systems for Windows. When Falcon fails, systems running Azure and Windows can’t ensure security, so they are paralyzed to avoid possible damage.

CrowdStrike sent a Falcon driver update with some issues, which Azure didn’t recognize. As a result, blue screens appeared on millions of systems across companies.

According to Reuters, the issue is affecting companies using the Azure platform, and problems have also been detected with services related to Microsoft 365.

Correcting the Issue

User BradW-CS from the CrowdStrike Reddit community first reported that the CrowdStrike team was investigating the incident. “We have widespread reports of BSODs on Windows hosts,” they wrote, adding that affected devices are displaying Windows’ “blue screen of death.”

This Reddit user later updated the post to say that the CrowdStrike team was experiencing the same downtime issues and displaying error screens indicating critical problems.

More recently, the user reported that the team had identified the issue and applied changes to correct it.

Brody Nisbet's X post https://x.com/brody_n77/status/1814185935476863321

However, Brody Nisbet, CrowdStrike’s director of threat hunting, has acknowledged that the issue has been identified but not yet fixed. In the meantime, he recommends recovering systems by using Windows safe mode and deleting the C-00000291*.sys file.

Nisbet says that after rebooting, systems should be able to recover. He also notes the following: “That workaround won't help everyone, though, and I’ve no further actionable help to provide at the minute.”

Experts still don’t know at this time why CrowdStrike’s systems are down.

CrowdStrike Responds

CrowdStrike's stock, which is listed on the NASDAQ, was down more than 13% before the market opened. After several hours of worldwide disruptions at most airports, CrowdStrike CEO George Kurtz has issued a message reporting on the situation.

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.”

The statement clarifies that the issue is specific to an update and isn’t related to any cyberattack.

This article was written by Enrique Pérez and originally published in Spanish on Xataka.
