Global IT outage takes down airlines, banks, 911 services, more; CrowdStrike to blame

A huge mistake by cybersecurity company CrowdStrike has caused a global IT outage on a massive scale, with airlines, banks, health services, and more affected – including some 911 centers.

United, Delta, and American Airlines are among the airlines who have been forced to ground flights. Broadcaster Sky News was taken off-air for several hours. Many retailers have been unable to accept payments. In short, it’s chaos out there …

CrowdStrike’s security software is used by a huge number of companies and other organizations, and a faulty update caused Windows PCs around the world to crash and enter a reboot loop, leaving them completely unusable.

The company’s CEO admitted responsibility for the mess, but downplayed its impact (“a defect found in a single content update”) and, notably, completely failed to apologize.

CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted.

This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.

The internet was quick to point out this omission.

To make matters worse, if that is possible, the company put the notice behind a client login – leaving many customers unable to even see it because their work PCs were down, meaning they had no access to the password managers needed to log in.

The severity of the issue, with PCs unable to reboot, means it’s going to take a significant time for affected organizations to fix.

There is a workaround, but that will currently need to be implemented on a PC-by-PC basis.

  1. Boot Windows into Safe Mode or the Windows Recovery Environment
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  3. Locate the file matching “C-00000291*.sys”, and delete it. 
  4. Boot the host normally. 
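Steps 2 and 3 can be scripted for a host that has been booted into Safe Mode. The PowerShell below is an added example, not tooling from CrowdStrike, Microsoft, or this article; the `-WindowsDir` parameter is a hypothetical name for pointing the script at a Windows directory on a different drive letter. It records the hash and timestamp of each matching file before deleting it, and supports `-WhatIf` for a dry run.

```powershell
# Added example: scripted form of workaround steps 2-3 (run elevated in Safe Mode).
# Not vendor tooling. Parameter name and defaults are assumptions.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Assumption: Windows directory of the affected installation.
    [string]$WindowsDir = 'C:\Windows'
)

# Directory and file pattern exactly as given in the workaround.
$dir     = Join-Path $WindowsDir 'System32\drivers\CrowdStrike'
$pattern = 'C-00000291*.sys'

if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
    Write-Error "Directory not found: $dir"
    exit 2
}

# -Filter limits the match to the one pattern; nothing else in the
# driver directory is touched.
$files = @(Get-ChildItem -LiteralPath $dir -Filter $pattern -File -Force)
if ($files.Count -eq 0) {
    Write-Output "No files matching $pattern in $dir; nothing to do."
    exit 0
}

foreach ($f in $files) {
    # Keep a record of what was removed for the incident log.
    $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    Write-Output ("{0}  {1}  {2:o}  {3} bytes" -f `
        $hash, $f.FullName, $f.LastWriteTimeUtc, $f.Length)

    # Honors -WhatIf and -Confirm; prompts by default because ConfirmImpact is High.
    if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete')) {
        Remove-Item -LiteralPath $f.FullName -Force
    }
}

Write-Output 'Done. Boot the host normally (step 4).'
```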

Microsoft also has a potential fix for virtual machines – involving up to 15 reboots!

Using the Azure Portal – attempting ‘Restart’ on affected VMs
Using the Azure CLI or Azure Shell

We’ve received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage.

Macs aren’t affected, but a lot of the services Mac users need to access will be down today.

Screengrab courtesy of Mukul Sharma


Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!
