CrowdStrike Incident Overview

On July 19, 2024, the world experienced a significant global computer outage known as the “CrowdStrike Incident.” Here’s a detailed breakdown of what transpired:

What Happened?

CrowdStrike, a well-known cybersecurity company, issued a faulty update for its security software running on Microsoft Windows. This update inadvertently caused widespread disruptions across several critical industries, including airlines, airports, banks, stock markets, broadcasting services, and 911 emergency dispatch centers.

The update specifically targeted CrowdStrike’s Falcon Sensor product, designed to install a network sensor at the operating system level to detect and prevent threats. Unfortunately, a defective kernel driver (csagent.sys) included in the update caused affected machines to encounter a blue screen of death (BSOD) with the stop code PAGE_FAULT_IN_NONPAGED_AREA. As a result, machines were stuck in a boot loop or entered recovery mode.

Immediate Actions Taken

CrowdStrike acted swiftly by reverting the faulty update at 05:27 UTC, which prevented further impacts on devices that booted afterward. By 09:45 UTC, CrowdStrike CEO George Kurtz confirmed that a fix had been deployed.

Impact

The incident had far-reaching consequences, including the cancellation of over 1,000 flights globally, significantly disrupting the travel sector. It is estimated that approximately 24,000 customers experienced problems due to CrowdStrike’s error.

Who is Affected?

If your computer runs Microsoft Windows and has CrowdStrike’s Falcon Sensor product installed, you might be affected by this incident. Here are some signs to look out for:

• Blue Screen of Death (BSOD): Your computer displays a BSOD with the stop code PAGE_FAULT_IN_NONPAGED_AREA.
• Boot Loop or Recovery Mode: Your computer is stuck in a boot loop or has entered recovery mode.

Steps to Restore Functionality

If you suspect your computer is affected, follow these steps to restore its functionality:

1. Boot Windows into Safe Mode or the Windows Recovery Environment.
2. Navigate to the C:\\\\Windows\\\\System32\\\\drivers\\\\CrowdStrike directory.
3. Locate the file matching “C-00000291*.sys”, and delete it.
4. Boot the host normally.

These steps must be performed on every affected machine. If you’re uncomfortable doing this yourself, it is advisable to contact your IT support team for assistance. They can guide you through the process and ensure your computer is functioning properly.

Key Points to Remember

This issue is a result of a software defect, not a security incident or cyberattack. CrowdStrike has identified the problem, isolated it, and deployed a fix. However, some systems may require manual intervention to recover fully. If you continue experiencing issues after following these steps, consider reaching out to CrowdStrike’s support team for further assistance.

Additional Resources

• https://techcrunch.com/2024/07/19/what-we-know-about-crowdstrikes-update-fail-thats-causing-global-outages-and-travel-chaos/
• https://www.bbc.com/news/articles/cp4wnrxqlewo
• https://news.sky.com/story/it-outage-what-we-know-about-the-global-tech-meltdown-cloudstrike-and-microsoft-so-far-13180890
• https://www.abc.net.au/news/2024-07-19/what-is-crowdstrike-outage-explained/104120260
• https://www.technologyreview.com/2024/07/19/1095161/fix-windows-pc-microsoft-crowdstrike-outage/
• https://www.windowscentral.com/microsoft/mitigation-actions-microsoft-cloudstrike-outages
• https://mashable.com/article/windows-bsod-crash-crowdstrike-update-worldwide-outage
• https://www.tomshardware.com/software/windows/how-to-fix-cloudstrike-bsods-in-three-minutes-fix-requires-manual-changes-but-they-are-simple

Keep your mission-critical communication lines open and secure with InterTalk!

Contact InterTalk today to book a needs assessment to discuss your communication needs with our expert team.

Products

InterTalk Enlite™

Next Generation Cloud Ready Dispatch

Encrypted, secure & reliable, flexible dispatch solution with on-demand scalability providing operational continuity and mobility. Cloud or on-premises infrastructure.