CrowdStrike Falcon flaw sends Windows computers into chaos worldwide
A faulty driver in CrowdStrike’s Falcon security software has caused millions of Microsoft Windows systems to malfunction, creating major issues for business worldwide.
Thousands of Windows machines worldwide, including those at banks, airlines, TV broadcasters, and supermarkets, are experiencing a Blue Screen of Death (BSOD). The faulty CrowdStrike update has caused affected PCs and servers to enter a recovery boot loop, preventing them from starting properly. Early Friday, companies in Australia first reported the issue, which quickly spread globally to the U.K., India, Germany, the Netherlands, and the U.S.
CrowdStrike CEO George Kurtz posted a message to X Friday morning that a fix was being deployed and the incident was not the result of a cyberattack.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” Kurtz said. “Mac and Linux hosts are not impacted.”
In another post on X, Kurtz apologized and said the company is working to rectify the situation.
“We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption,” the post read. “We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on.”
Microsoft has issued service updates as it triages the impact. It has a lengthy statement on its Azure page on how organizations can remedy the issue. The company also posted on X that the issue impacted its Windows 365 Cloud PCs, which are virtual desktops hosted in the Microsoft Cloud.
The company said among impacted services were:
- PowerBI
- Microsoft Fabric
- Microsoft Teams
- Microsoft 365 admin center
Microsoft posted on X Friday afternoon that all of those services returned to normal operations.
The U.S. Cybersecurity and Infrastructure Security Agency told CyberScoop it’s “working closely with CrowdStrike and our federal, state, local and critical infrastructure partners to fully assess and address these issues.”
A White House official told a pool reporter that “the president has been briefed on the CrowdStrike outage and his team is in touch with CrowdStrike and impacted entities. His team is engaged across the interagency to get sector by sector updates throughout the day and is standing by to provide assistance as needed.”
Businesses around the world had their operations come to a standstill due to the outage.
The airline industry was particularly hit hard. Top U.S. airlines — United, Delta, and American Airlines — issued a “global ground stop” on all flights. The Irish airline Ryanair also stated that it was currently experiencing disruption across its network.
The Federal Aviation Administration said it was “closely monitoring” the issue, working with airlines and airports on ground stops until the issue is resolved. According to flight-tracking website FlightAware, over 25,000 flights have been delayed and 2,550 have been cancelled as a result of the issue.
The outage has also impacted hospitals and health care facilities across the country. Hospitals in Boston, Philadelphia, and Northern Virginia have had a mix of surgical procedures, appointments, or customer access to online records impacted as of 10:30 a.m. ET Friday.
The American Hospital Association told CyberScoop IT outages were spread across the country, with “some disruptions to medical technology, communications and third-party service providers.”
“These disruptions are resulting in some clinical procedure delays, diversions or cancellations. Impact is also being felt indirectly as a result of local emergency call centers being down,” said John Riggi, the association’s national adviser for cybersecurity and risk. “Impacted hospitals are working hard to implement manual restoration of systems and the CrowdStrike patch. Affected hospitals have also implemented downtime procedures to ensure that disruptions to patient care are minimized or avoided to the extent possible.”
Electronic medical record system provider Epic said through a spokesperson that its Nebula cloud platform was impacted, but has restored access to those features.
“Some groups have reported that the laptop and desktop workstations their staff use to access Epic are down,” the spokesperson said. “Others report that issues with data center software are preventing them from using multiple systems including Epic. Organizations that have been affected are following pre-established downtime protocols to continue delivering patient care. Epic staff are working with customer IT teams to restore access as fixes or mitigation approaches are available from CrowdStrike.”
The outage has also impacted the federal government’s IT services. The Social Security Administration closed all offices according to the agency’s website. SSA said that individuals should expect longer call wait times for its national 800 number and that “some online services are unavailable.”
An agency manager within the Department of Homeland Security reported that some of their staff had trouble logging into desktop computers and had to spend the morning working on phones or through virtual desktop or web pages applications.
The Enterprise Service Desk at the Department of Veterans Affairs is also down, according to a person familiar with the matter, though it’s not yet clear if it’s related to the CrowdStrike flaw.
States including Connecticut, Delaware, Michigan and Virginia have reported that they’re monitoring the incident and its effects to their Microsoft Windows machines. Cities including Washington, D.C., and New York are among those that have reported disruptions.
The issue has also impacted emergency services in several states, including Alaska, Arizona, Indiana, Minnesota, New Hampshire, and Ohio.
Rebecca Heilweil, Caroline Nihill, Keely Quinlan and Tim Starks contributed to this story.
