Huge Microsoft outage has taken down computers around the world
Flight disruptions caused by Blue Screens of Death: Microsoft and CrowdStrike apologize for the outage
Airlines and businesses that rely on IT are facing widespread IT failures and errors that cause flight disruptions and leave businesses without computer equipment.
In the early hours of Friday, companies in Australia running Microsoft’s Windows operating system started reporting devices showing Blue Screens of Death (BSODs). Shortly after, reports of disruptions started flooding in from around the world, including from the UK, India, Germany, the Netherlands, and the US: TV station Sky News went offline, and US airlines United, Delta, and American Airlines issued a “global ground stop” on all flights.
The incident, so far, appears to only be impacting devices running Windows and not other operating systems. It is unclear how widespread the issues are and how long it will take to resolve them. Microsoft and CrowdStrike did not immediately respond to WIRED’s requests for comment on the outage.
CrowdStrike CEO George Kurtz said on Friday that the issues were caused by a “defect” in code the company released for Windows. Mac and Linux systems are not affected. “The issue has been identified, isolated and a fix has been deployed,” Kurtz said in a statement, adding the problems were not the result of a cyberattack. In an interview with NBC, he apologized for the disruption and said it may take some time for it to be back to normal.
A Microsoft spokesperson also issued a statement saying it is aware of the problems linked to Windows devices and the company believes a “resolution is forthcoming.”
CrowdStrike and Falcon Sensor: How Computer Systems Were Hurt by a Digital Catastrophe in the Last 12 Hours
The outages could result in “millions” being lost by organizations impacted who have had to halt their operations or stop business, says Lukasz Olejnik, an independent cybersecurity consultant, who says the CrowdStrike update appears to be linked to its Falcon Sensor product. The Falcon system is part of the security tools provided by CrowdStrike.
“It reminds us about our dependence on IT and software,” Olejnik says. “When a system has several software systems maintained by various vendors, this is equivalent to placing trust on them. They may be a single point of failure—like here, when various firms feel the impact.”
Only a handful of times in history has a single piece of code managed to instantly wreck computer systems worldwide: the Slammer worm of 2003, Russia’s NotPetya cyberattack, and North Korea’s self-spreading ransomware WannaCry. Although the internet and IT infrastructure worldwide have been hit with a digital catastrophe in the last 12 hours, this time it is not due to hacking but to the software designed to stop it.
Separately, the technical breakdown from CrowdStrike released Friday explains more about what happened and why so many systems were affected all at once.
On the Impact of C-00000291- on the Behavioral Protection Mechanisms of the Falcon Sensor, a Report by CrowdStrike
Channel files are the configuration files used by the behavioral protection mechanisms of the Falcon sensor. They are updated several times a day in response to new tactics, techniques, and procedures that CrowdStrike discovers. This is not a new process; it has been in place for a long time.
CrowdStrike explained that the file is not a kernel driver but is responsible for “how Falcon evaluates named pipe execution on Windows systems.” Security researcher and Objective-See founder Patrick Wardle says that the explanation aligns with the earlier analysis he and others provided about the cause of the crash: the problem file C-00000291- “triggered a logic error that resulted in an OS crash” via CSAgent.sys.
Systems running Falcon sensor for Windows 7.11 and above that downloaded the updated configuration between 04:09 UTC and 05:27 UTC were susceptible to a system crash.
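The exposure criteria above (Windows only, sensor version 7.11 and above, configuration downloaded between 04:09 UTC and 05:27 UTC) are exactly what an incident responder needs to turn an asset inventory into a list of hosts to check. The following is an added triage example, not CrowdStrike's code and not from the original article. The inventory format, host names, and the calendar date are constructed assumptions: the page states only the UTC times of the window, so the date is a placeholder. Note the version comparison is done numerically, because a plain string comparison would wrongly rank 7.9 above 7.11.

```python
"""Triage helper (added example): flag inventory entries that match the
susceptibility criteria in the CrowdStrike report.

Assumptions (not from the page): the inventory layout and host names below
are constructed, and WINDOW_DATE is a placeholder for the real incident date.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Iterable, List, Optional, Tuple

# Placeholder date: the report gives only the UTC times of the window.
WINDOW_DATE = "2024-01-01"  # TODO: replace with the actual incident date
WINDOW_START = datetime.fromisoformat(f"{WINDOW_DATE}T04:09:00+00:00")
WINDOW_END = datetime.fromisoformat(f"{WINDOW_DATE}T05:27:00+00:00")
MIN_SENSOR_VERSION = (7, 11)  # "Falcon sensor for Windows 7.11 and above"


@dataclass
class Host:
    name: str
    os: str                      # "windows", "linux", "macos", ...
    sensor_version: str          # e.g. "7.11" or "7.9.2"
    config_downloaded: Optional[str]  # ISO-8601 timestamp, None if unknown


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '7.11.18' into (7, 11, 18) so ordering is numeric, not lexical."""
    return tuple(int(part) for part in version.split("."))


def parse_utc(timestamp: str) -> datetime:
    """Parse an ISO-8601 timestamp; naive values are assumed to be UTC."""
    parsed = datetime.fromisoformat(timestamp.replace("Z", "+00:00"))
    if parsed.tzinfo is None:
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def in_window(timestamp: str) -> bool:
    """True if the download time falls inside the susceptible window (inclusive)."""
    return WINDOW_START <= parse_utc(timestamp) <= WINDOW_END


def classify(host: Host) -> str:
    """Return 'susceptible', 'not_susceptible', or 'unknown' for one host."""
    if host.os.lower() != "windows":
        return "not_susceptible"  # Mac and Linux systems were not affected
    if parse_version(host.sensor_version) < MIN_SENSOR_VERSION:
        return "not_susceptible"
    if host.config_downloaded is None:
        return "unknown"  # cannot tell when the channel file arrived
    return "susceptible" if in_window(host.config_downloaded) else "not_susceptible"


def triage(hosts: Iterable[Host]) -> Dict[str, List[str]]:
    """Group host names that need attention, sorted for stable output."""
    result: Dict[str, List[str]] = {"susceptible": [], "unknown": []}
    for host in hosts:
        verdict = classify(host)
        if verdict in result:
            result[verdict].append(host.name)
    for names in result.values():
        names.sort()
    return result


# Constructed sample inventory (fictitious hosts).
SAMPLE_INVENTORY = [
    Host("ws-01", "windows", "7.11", f"{WINDOW_DATE}T04:30:00+00:00"),   # in window
    Host("ws-02", "windows", "7.9", f"{WINDOW_DATE}T04:30:00+00:00"),    # too old
    Host("ws-03", "windows", "7.11", f"{WINDOW_DATE}T06:00:00Z"),        # after window
    Host("ws-04", "linux", "7.11", f"{WINDOW_DATE}T04:30:00+00:00"),     # not Windows
    Host("ws-05", "windows", "7.12.3", f"{WINDOW_DATE}T05:27:00+00:00"), # boundary
    Host("ws-06", "windows", "7.11", None),                              # unknown
]

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(names) or '(none)'}")
```

Hosts with an unknown download time are reported separately rather than silently dropped, since "no record" is not the same as "not affected"; a responder would verify those manually. The boundary host ws-05 shows that the window is treated as inclusive on both ends.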