Defective CrowdStrike update triggers mass IT outage

A faulty update for CrowdStrike's Falcon platform crashed customers' Windows systems, causing outages at airlines, government agencies and other organizations across the globe.

BREAKING NEWS -- A massive IT outage that affected Windows systems across the globe was caused by a defective update for CrowdStrike's Falcon threat detection platform.

Reports of widespread outages across the globe emerged Friday morning as several major airlines, media companies, government agencies and other organizations experienced the blue screen of death (BSOD) across their Windows systems. While the Windows crashes initially stoked concerns of a potential cyber attack, security experts quickly determined the culprit was a botched update from CrowdStrike that caused a BSOD error in Windows systems running Falcon agents.

CrowdStrike CEO George Kurtz later posted a statement to X, formerly Twitter, confirming the update caused the Windows crashes. "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted," Kurtz wrote in the post. "This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed."

Kurtz referred users to CrowdStrike's support portal for more information and urged customers to communicate with company representatives through official channels. "Our team is fully mobilized to ensure the security and stability of CrowdStrike customers," he wrote in the post.

Resolving the BSOD error is apparently complicated, as multiple cybersecurity vendors have said CrowdStrike's workaround requires users to reboot impacted Windows systems in safe mode, remove the defective file and then restart the system normally. However, this workaround must be applied manually to each machine, which could make recovery extremely complex and time-consuming for organizations.

Microsoft posted guidance on X via the company's Microsoft 365 Status account on how to restore Windows 365 cloud systems to a known good state prior to Friday's update. Additionally, Microsoft's Azure cloud status site said the company received reports from some affected customers that recovered after multiple restarts of their virtual machines. "We've received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage," the status update read.

It's unclear how the defective Falcon update was issued. However, Brody Nisbet, director of CrowdStrike Overwatch, posted on X that there was a "faulty channel file, so not quite an update."

TechTarget Editorial contacted CrowdStrike for additional comment, but the company did not respond at press time.

Maxine Holt, Omdia's senior director of cybersecurity, said the incident might have serious and long-term consequences for CrowdStrike, one of the world's biggest and most well-known companies in the infosec industry.

"This is very bad for CrowdStrike from a business perspective. The best outcome for them is that it fades into memory. But given that CrowdStrike states that its 'customers benefit from superior protection, better performance, reduced complexity and immediate time-to-value,' the opposite is clearly true today. And customer performance, for some, is at zero," Holt said. "The events of today are highly likely to follow CrowdStrike for some time and could do even more damage to the business. Furthermore, it will encourage plenty of CISOs and CIOs to re-evaluate their approach to tool consolidation and vendor selection."

Reporting in progress. Full story to follow.

Senior news writer Alex Culafi contributed to this article.

Rob Wright is a longtime reporter and senior news director for TechTarget Editorial's security team. He drives breaking infosec news and trends coverage. Have a tip? Email him.
