Panic on the planet this Friday, July 19: thousands of companies and services are at a standstill around the world, following a huge bug during a Windows software update. Here’s what you need to know about this unprecedented outage with impressive consequences on millions of PCs and servers.
Black Friday for thousands of businesses around the world. A giant computer outage has been affecting millions of Windows-powered PCs since early this morning. Airports and airlines, hospitals, television channels, online media, banks, government agencies… many services are down and unable to be provided for the moment. Paradoxically, this global outage is not due to a cyberattack but the result of an update deployed by CrowdStrike, an American company specializing in… cybersecurity, precisely.
A faulty update to patch a flaw, deployed on a large scale, and it’s panic. The failure apparently only affects PCs running Windows 10. It is characterized by the appearance of a blue screen (BSOD) inviting you to restart the computer in recovery mode (Recovery) but without success, causing reboots in a loop. But why are millions of PCs around the world experiencing these malfunctions? It’s because CrowdStrike operates protection and monitoring on thousands of servers of Microsoft’s Azure services. As a knock-on effect, the very many companies that use Microsoft’s services are impacted. And the snowball effect is impressive. In the United States, for example, major airlines such as Delta, United and American Airlines are forced to keep their planes grounded. Flights are therefore no longer provided for departures and arrivals. German, Spanish, British, Dutch and Hungarian airports are also suffering from the phenomenon. According to ADP (Aéroports de Paris), Roissy CDG and Orly would not be affected. However, delays remain highly likely given the situation abroad.
Still in France, large companies like TF1, Le Figaro, Fnac, Mondial Relay, Canal+, Orange… the list is growing by the hour. Even the RATP was affected in the morning.
Global IT outage: patch being deployed
At 11:45 (French time), George Kurtz spoke on X to reassure his customers. He said: “The issue has been identified, isolated, and a fix has been deployed. We refer customers to the Support Portal for the latest updates and will continue to provide comprehensive and ongoing updates on our website. We further recommend that organizations ensure they communicate with CrowdStrike representatives through official channels “.
CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We
— George Kurtz (@George_Kurtz) July 19, 2024
IT administrators can now start to breathe. At the same time, CrowdStrike provides the procedure to follow if your PC continues to restart in a loop. First, restart the computer in safe mode by pressing the F4 key during startup (see our practical sheet on starting Windows in safe mode). Once the PC is accessible, open the folder WindowsSystem32driversCrowdStrike. Locate the file csagent.sys Or C-00000291*.sys (the star symbolizes a long list of numbers). Delete this item and restart the PC. Everything should be back to normal.
Still, it seems odd for CrowdStrike to roll out such an update in the middle of the summer season when airports and other logistics services are under strain. And the punishment for this global blunder was quick to come. CrowdStrike’s stock plunged 20% in pre-opening trading on Wall Street in New York. Beyond this significant loss of capitalization, it’s a safe bet that the publisher will struggle to recover from this event when the thousands of companies affected by its blunder demand accountability… starting with Microsoft.