CrowdStrike Incident Overview
On July 19, 2024, the world experienced a significant global computer outage known as the “CrowdStrike Incident.” Here’s a detailed breakdown of what transpired:
What Happened?
CrowdStrike, a well-known cybersecurity company, issued a faulty update for its security software running on Microsoft Windows. This update inadvertently caused widespread disruptions across several critical industries, including airlines, airports, banks, stock markets, broadcasting services, and 911 emergency dispatch centers.
The update specifically targeted CrowdStrike’s Falcon Sensor product, designed to install a network sensor at the operating system level to detect and prevent threats. Unfortunately, a defective kernel driver (csagent.sys) included in the update caused affected machines to encounter a blue screen of death (BSOD) with the stop code PAGE_FAULT_IN_NONPAGED_AREA. As a result, machines were stuck in a boot loop or entered recovery mode.
Immediate Actions Taken
CrowdStrike acted swiftly by reverting the faulty update at 05:27 UTC, which prevented further impacts on devices that booted afterward. By 09:45 UTC, CrowdStrike CEO George Kurtz confirmed that a fix had been deployed.
Impact
The incident had far-reaching consequences, including the cancellation of over 1,000 flights globally, significantly disrupting the travel sector. It is estimated that approximately 24,000 customers experienced problems due to CrowdStrike’s error.
Who is Affected?
If your computer runs Microsoft Windows and has CrowdStrike’s Falcon Sensor product installed, you might be affected by this incident. Here are some signs to look out for:
- Blue Screen of Death (BSOD): Your computer displays a BSOD with the stop code PAGE_FAULT_IN_NONPAGED_AREA.
- Boot Loop or Recovery Mode: Your computer is stuck in a boot loop or has entered recovery mode.
Steps to Restore Functionality
If you suspect your computer is affected, follow these steps to restore its functionality:
- Boot Windows into Safe Mode or the Windows Recovery Environment.
- Navigate to the C:\\\\Windows\\\\System32\\\\drivers\\\\CrowdStrike directory.
- Locate the file matching “C-00000291*.sys”, and delete it.
- Boot the host normally.
These steps must be performed on every affected machine. If you’re uncomfortable doing this yourself, it is advisable to contact your IT support team for assistance. They can guide you through the process and ensure your computer is functioning properly.
Key Points to Remember
This issue is a result of a software defect, not a security incident or cyberattack. CrowdStrike has identified the problem, isolated it, and deployed a fix. However, some systems may require manual intervention to recover fully. If you continue experiencing issues after following these steps, consider reaching out to CrowdStrike’s support team for further assistance.
MJ Sampsel
Cybersecurity Specialist and Team Lead
Additional Resources
- https://techcrunch.com/2024/07/19/what-we-know-about-crowdstrikes-update-fail-thats-causing-global-outages-and-travel-chaos/
- https://www.bbc.com/news/articles/cp4wnrxqlewo
- https://news.sky.com/story/it-outage-what-we-know-about-the-global-tech-meltdown-cloudstrike-and-microsoft-so-far-13180890
- https://www.abc.net.au/news/2024-07-19/what-is-crowdstrike-outage-explained/104120260
- https://www.technologyreview.com/2024/07/19/1095161/fix-windows-pc-microsoft-crowdstrike-outage/
- https://www.windowscentral.com/microsoft/mitigation-actions-microsoft-cloudstrike-outages
- https://mashable.com/article/windows-bsod-crash-crowdstrike-update-worldwide-outage
- https://www.tomshardware.com/software/windows/how-to-fix-cloudstrike-bsods-in-three-minutes-fix-requires-manual-changes-but-they-are-simple
Keep your mission-critical communication lines open and secure with InterTalk!
Contact InterTalk today to book a needs assessment to discuss your communication needs with our expert team.
Products
InterTalk Dispatch Console System
Powerful Radio Dispatch Solutions
Exact-fit dispatch solutions that direct all aspects of your control, communications, and intelligence infrastructure at a secure, single point of contact.
InterTalk Enlite™
Next Generation Cloud Ready Dispatch
Encrypted, secure & reliable, flexible dispatch solution with on-demand scalability providing operational continuity and mobility. Cloud or on-premises infrastructure.
Recent News
Enlite Feature Update | Q3 2025
As part of our commitment to continuous improvement, InterTalk has rolled out many impactful new features in Q3 2025! Here’s what’s new in Enlite: New Features Single Sign-On (SSO) with OpenID Enlite now supports Single Sign-On (SSO) using the OpenID Connect...
InterTalk & Logic Wireless Partner for ANZ Dispatch
DARTMOUTH, Nova Scotia, September 17, 2025 — InterTalk Critical Information Systems is proud to announce a new distribution partnership with Logic Wireless, a leading provider of critical communications solutions in Australia and New Zealand. Through this partnership,...
NENA Ontario Conference & Workshop – Booth 100
Join InterTalk and BRAMIC at the NENA Ontario Conference & Workshop 2025 in London, Ontario! InterTalk and BRAMIC are proud to announce our attendance at the NENA Ontario Conference & Workshop 2025, taking place at the Best Western Plus Lamplighter Inn &...
