A global technology outage grounded airlines, disrupted news channels, took banks offline, and interfered with 911 operator systems, as employees around the world woke up on Friday to find they couldn’t work on their computers.
The cause of this outage was a software update originating from the cybersecurity company CrowdStrike. This faulty update caused some Windows computers to encounter the blue screen of death. In other words, instead of booting up normally, the affected computers crashed. This update did not affect Mac or Linux computers.
George Kurtz, CEO of CrowdStrike, wrote in a post on Friday morning: “CrowdStrike is working with customers impacted by an issue stemming from a content update. This is not a security incident or a cyberattack. The issue has been identified and a fix is in place to address it.”
Kurtz said that despite steps being taken to correct this bug, the outage might not be resolved quickly.
In an interview with NBC’s Today Show, Kurtz said, “It may take some time for some systems to automatically recover, but our task is to ensure that all customers’ systems are fully restored.”
Kurtz also apologized for the outage, stating, “We deeply regret the impact this cyber disruption has caused.”
What is a Cyber Disruption?
For those unfamiliar with the idea of a cyber disruption: a software update from one company can bring the digital world to its knees.
CrowdStrike is one of the largest cybersecurity companies in the world and provides software to help companies detect and prevent hackers. The company’s software is widely used by Fortune 500 companies around the world to manage the security of devices running on Windows.
Even if a business does not use CrowdStrike’s security platform, their operations might still be affected by this outage. Businesses operating online often use other digital tools to help with their daily activities. If the companies providing these digital tools use CrowdStrike software, all their customers might be affected by this disruption.
How Did the Outage Occur?
It appears that the company's popular Falcon software is the source of this issue. Falcon is an antivirus platform used to secure endpoints such as laptops, servers, mobile devices, and point-of-sale (POS) systems. To monitor these endpoints for malware and suspicious activities, CrowdStrike software has deep access to the operating systems of these devices.
This is known as kernel-level access. The kernel is the central part of a computer's operating system, which facilitates interaction between software and hardware. Cybersecurity software often needs this high level of access to reach any part of the computer system that hackers may target.
According to IT analysts, it seems that an update by CrowdStrike affected the kernel-level driver that CrowdStrike uses to monitor devices for malware. The faulty code appears to interact with the Windows operating system in a way that causes computers to crash.
These affected devices then get stuck in what is known as a boot loop, where the computer is unable to complete its regular startup sequence and then repeatedly restarts in an apparently endless cycle.
What is the Solution?
CrowdStrike states that changes have been made to repair and update the faulty software, but this does not immediately resolve the issue for affected computers.
This is because the computers impacted by the outage cannot reboot and come online to receive the repair. Instead, IT administrators worldwide must physically access the devices and remove the faulty driver.
CrowdStrike has provided the following steps to address this issue:
- Boot Windows in Safe Mode or Windows Recovery Environment.
- Navigate to the directory C:\Windows\System32\drivers\CrowdStrike.
- Locate the file matching “C-00000291*.sys” and delete it.
- Boot the computer as usual.
Some have also had success by simply rebooting the affected computers, in the hope that the CrowdStrike update will be delivered over the network before the device reaches the Blue Screen of Death (BSOD).
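The manual steps listed above can be scripted for an administrator working from an elevated PowerShell prompt in Safe Mode. This is an added example, not code from CrowdStrike or the original article. The function name `Remove-FaultyDriverFile` and its parameters are hypothetical; the directory and file pattern are the ones given in the steps.

```powershell
# Added example (not vendor code). Function and parameter names are hypothetical.
function Remove-FaultyDriverFile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Directory from the published steps. Override it if the Windows
        # volume is mounted under a different drive letter (assumption).
        [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
        # File pattern from the published steps.
        [string]$Pattern = 'C-00000291*.sys'
    )

    if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
        Write-Warning "Directory not found: $DriverDir"
        return
    }

    # -Force so that hidden or system files are listed as well.
    $targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
    if ($targets.Count -eq 0) {
        Write-Verbose "No files matching $Pattern in $DriverDir"
        return
    }

    foreach ($file in $targets) {
        $removed = $false
        # Honors -WhatIf and -Confirm, so nothing is deleted by accident.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
            try {
                Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
                $removed = $true
            } catch {
                Write-Warning "Could not delete $($file.FullName): $_"
            }
        }
        # One record per matching file, suitable for a ticket or audit log.
        [pscustomobject]@{
            Path         = $file.FullName
            LastWriteUtc = $file.LastWriteTimeUtc
            SizeBytes    = $file.Length
            Removed      = $removed
        }
    }
}

# Dry run: lists the matching files without deleting anything.
Remove-FaultyDriverFile -WhatIf
```

Run it again without `-WhatIf` to delete the matches, then boot the computer as usual.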