Thousands of Windows machines are currently experiencing Blue Screen of Death (BSOD) issues on startup, affecting banks, airlines, TV broadcasters, supermarkets and large corporations across the world.
What happened?
A flawed update from cybersecurity provider CrowdStrike causes affected PCs and servers to go offline and enter a recovery boot loop, preventing the machines from booting properly. CrowdStrike is widely used by many businesses around the world to manage the security of Windows PCs and servers.
Affected machines will stop at a recovery blue screen on boot. Image: Microsoft
Australian banks, airlines and television stations were the first to raise the alarm when thousands of machines began to go offline. As businesses in Europe started their working day, the problem escalated rapidly. British broadcaster Sky News was unable to broadcast its morning news bulletin for hours this morning, sending out a message apologizing for “this disruption to broadcasting”. Ryanair, one of Europe’s leading airlines, also said it was experiencing a “third-party” IT issue that was affecting flight departures.
CrowdStrike President and CEO George Kurtz said the global issue was caused by a flaw in a single content update.
“The update contained a software bug that caused problems for Microsoft’s operating system,” he said.
“We identified this quickly and resolved the issue.”
“CrowdStrike is actively working with customers affected by the flaw found in the single content update for Windows hosts. Mac and Linux hosts are not affected,” CEO George Kurtz said in a statement on X.
What can you do?
It’s not easy to say what to do next. There are workarounds, but they are not scalable because they must be applied manually on a system-by-system basis. For large enterprises, it could take hours or more to get back up and running.
Adam Harrison, managing director of FTI Cybersecurity, said that once a system goes into a reboot loop, the nature of the problem makes it extremely difficult to resolve.
“It would take time for system administrators to manually apply fixes. CrowdStrike cannot remotely push new updates to fix them; manual intervention would be required on each system.”
Initial reports focused on a suspected faulty update, but CrowdStrike Overwatch Director Brody posted on X (previously Twitter) that “there is a flaw in the channel file, so this is not an update.”
There are workarounds, he added.
1. Boot Windows into Safe Mode or WRE.
2. Navigate to C:\Windows\System32\drivers\CrowdStrike
3. Find files matching “C-00000291*.sys” and delete them.
4. Boot normally.
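Steps 2 and 3 as a PowerShell function for an elevated prompt in Safe Mode; this is an added example, not CrowdStrike's tooling or code from the original article. The function name, the log path and the drive scan (on the assumption that the Windows volume may not be mounted as C:) are illustrative choices.

```powershell
# Added example: run from an elevated PowerShell prompt in Safe Mode (step 1).
function Remove-ChannelFile291 {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # File pattern from step 3 of the workaround.
        [string]$Pattern = 'C-00000291*.sys',
        # Folder from step 2, without the drive letter (resolved below).
        [string]$RelativeDir = 'Windows\System32\drivers\CrowdStrike',
        # Hypothetical location for a record of what was removed.
        [string]$LogPath = (Join-Path $env:TEMP 'channelfile291-removed.csv')
    )

    # Assumption: the Windows volume may not be C:, so check every
    # file-system drive for the CrowdStrike driver folder.
    $dirs = Get-PSDrive -PSProvider FileSystem |
        ForEach-Object { Join-Path $_.Root $RelativeDir } |
        Where-Object { Test-Path -LiteralPath $_ -PathType Container }

    if (-not $dirs) {
        Write-Warning "No '$RelativeDir' folder found on any drive."
        return
    }

    foreach ($dir in $dirs) {
        $files = Get-ChildItem -LiteralPath $dir -Filter $Pattern -File -ErrorAction SilentlyContinue
        foreach ($f in $files) {
            # Capture size, timestamp and hash before the file is gone.
            $record = [pscustomobject]@{
                Path         = $f.FullName
                Length       = $f.Length
                LastWriteUtc = $f.LastWriteTimeUtc.ToString('o')
                SHA256       = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
            }
            # -WhatIf makes ShouldProcess return $false, so nothing is deleted.
            if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete channel file')) {
                Remove-Item -LiteralPath $f.FullName -Force
                $record | Export-Csv -Path $LogPath -Append -NoTypeInformation
            }
            $record
        }
    }
}

# Preview the matches first; then run without -WhatIf to delete (step 3)
# and reboot normally (step 4).
Remove-ChannelFile291 -WhatIf
# Remove-ChannelFile291 -Confirm:$false
```

The CSV gives administrators a per-host record of which channel files were removed, which helps when tracking remediation across many machines.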
CrowdStrike says the issue has been identified and a fix has been distributed, but fixing these machines is not easy for IT administrators. The root cause appears to be an update to a kernel-level driver that CrowdStrike uses to secure Windows machines. CrowdStrike identified the problem and reverted the flawed update after “widespread reports of BSODs on Windows hosts,” but that doesn’t seem to help machines that are already affected.
This is a breaking news story; please check Techwrix.com regularly for the latest updates.