Misconfigured Update Causes Global IT Outage

Transport, broadcasters, and financial systems reportedly affected.

A massive IT outage has caused multiple services to be taken offline, whilst planes and trains have been grounded.

Potentially linked to an update from Crowdstrike to Microsoft users, the issue is apparently due to a misconfigured update which is causing users globally to hit a ‘blue screen of death’ (BSOD).

In a Reddit update, a post - apparently by a member of the Crowdstrike team - said they are aware of "widespread reports of BSODs on windows hosts, occurring on multiple sensor versions. Investigating cause."

Defect in Single Content Update

Crowdstrike CEO George Kurtz has issued a statement, saying the company is actively working with impacted customers, and the issue has been caused by a defect found in a single content update for Windows hosts.

Confirming this was not “a security incident or cyberattack,” Kurtz said: "The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.

"We further recommend organisations ensure they’re communicating with Crowdstrike representatives through official channels. Our team is fully mobilised to ensure the security and stability of Crowdstrike customers."

Reports of Crashes

The disruptive file was identified as an update for Crowdstrike's Falcon sensor, which was released on July 9th. A workaround has been published, and Crowdstrike has said it is "aware of reports of crashes on Windows hosts related to the Falcon sensor."

Crowdstrike has confirmed that it is no longer pushing the update, “so you only have to fix the machines that were already stuck in a BSOD loop: anything that isn't impacted now shouldn't be impacted.”

Writing on X, Crowdstrike's chief threat hunter Brody Nisbet offered a workaround, recommending users:

1. Boot Windows into Safe Mode or WRE.

2. Go to C:\Windows\System32\drivers\CrowdStrike

3. Locate and delete file matching "C-00000291*.sys"

4. Boot normally.

Cybersecurity researcher Kevin Beaumont wrote on X that the global IT outage "is Crowdstrike as cause, not Microsoft" and that two different outages got linked together, but while the Microsoft one was solved a while ago, it may be the Crowdstrike update that is causing the issue.

Infinite Loop

Ilkka Turunen, field CTO at Sonatype, said in an email to SC UK that the update causes a BSOD loop on any Windows machine, essentially making it boot and crash in an infinite loop.

“Making it worse is the fact that there are a significant number of Windows machines that the update was auto-installed on overnight,” he said. “There are workarounds that customers of theirs will apply, but it seems to be very manual.

"It’s definitely a supply chain style incident - what it shows is that one popular vendor botching an update can have a huge impact on its customers and how far a single well-orchestrated update can spread in a single night."

In a statement sent to SC UK, a Microsoft spokesperson confirmed that the CrowdStrike update was responsible for bringing down a number of IT systems globally, and it is "actively supporting customers to assist in their recovery."

Dan Raywood
Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
