Bad CrowdStrike Update Linked to Major IT Outages Worldwide


Organizations worldwide are reporting major outages that appear to be caused by a bad update pushed out by cybersecurity giant CrowdStrike (NASDAQ: CRWD).

CrowdStrike launched an investigation after receiving widespread reports of Windows hosts experiencing a Blue Screen of Death (BSOD). In the latest update provided at the time of writing, the company said it’s in the process of reverting changes that may have caused the issue.

The BSOD appears to be caused by a recent CrowdStrike Falcon sensor update. Impacted devices are reportedly entering BSOD loops that make them inoperable. 

A workaround that involves booting systems in Safe Mode and deleting a CrowdStrike component is being recommended. 

CrowdStrike’s CEO, George Kurtz, said in a statement on the social media platform X that the problems are caused by a “defect found in a single content update for Windows hosts”.

“Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed,” Kurtz added.

Organizations around the world have been reporting major outages, including airports, banks, media outlets and hospitals. However, at least some of these incidents appear to stem from a Microsoft cloud service outage that is not related to CrowdStrike. Some news websites appear to be mixing the two incidents. 

Still, the bad CrowdStrike update is causing problems for many, including major airports around the world. American Airlines told the BBC that flights were not allowed to take off, with the incident being blamed on a “technical issue with CrowdStrike”. 


Even Google Cloud reported an incident affecting its Compute Engine, noting that “Windows VMs using Crowdstrike’s csagent.sys are crashing and going into unexpected reboot”.

Kevin Beaumont, a reputable cybersecurity expert, said the current global IT outage is caused by CrowdStrike, not Microsoft, which has resolved its own issues. 

“Crowdstrike is the top tier EDR product, and is on everything from point of sale to ATMs etc – this will be the biggest ‘cyber’ incident worldwide ever in terms of impact, most likely,” Beaumont said.

Shares of publicly traded CrowdStrike are down roughly 20% in pre-market trading at the time of publishing.

This is a developing story.

*updated to add statement from CrowdStrike’s George Kurtz
