CrowdStrike Incident Overview
On July 19, 2024, the world experienced a significant global computer outage known as the “CrowdStrike Incident.” Here’s a detailed breakdown of what transpired:
What Happened?
CrowdStrike, a well-known cybersecurity company, issued a faulty update for its security software running on Microsoft Windows. This update inadvertently caused widespread disruptions across several critical industries, including airlines, airports, banks, stock markets, broadcasting services, and 911 emergency dispatch centers.
The update specifically targeted CrowdStrike’s Falcon Sensor product, designed to install a network sensor at the operating system level to detect and prevent threats. Unfortunately, a defective kernel driver (csagent.sys) included in the update caused affected machines to encounter a blue screen of death (BSOD) with the stop code PAGE_FAULT_IN_NONPAGED_AREA. As a result, machines were stuck in a boot loop or entered recovery mode.
Immediate Actions Taken
CrowdStrike acted swiftly by reverting the faulty update at 05:27 UTC, which prevented further impacts on devices that booted afterward. By 09:45 UTC, CrowdStrike CEO George Kurtz confirmed that a fix had been deployed.
Impact
The incident had far-reaching consequences, including the cancellation of over 1,000 flights globally, significantly disrupting the travel sector. It is estimated that approximately 24,000 customers experienced problems due to CrowdStrike’s error.
Who is Affected?
If your computer runs Microsoft Windows and has CrowdStrike’s Falcon Sensor product installed, you might be affected by this incident. Here are some signs to look out for:
- Blue Screen of Death (BSOD): Your computer displays a BSOD with the stop code PAGE_FAULT_IN_NONPAGED_AREA.
- Boot Loop or Recovery Mode: Your computer is stuck in a boot loop or has entered recovery mode.
Steps to Restore Functionality
If you suspect your computer is affected, follow these steps to restore its functionality:
- Boot Windows into Safe Mode or the Windows Recovery Environment.
- Navigate to the C:\\\\Windows\\\\System32\\\\drivers\\\\CrowdStrike directory.
- Locate the file matching “C-00000291*.sys”, and delete it.
- Boot the host normally.
These steps must be performed on every affected machine. If you’re uncomfortable doing this yourself, it is advisable to contact your IT support team for assistance. They can guide you through the process and ensure your computer is functioning properly.
Key Points to Remember
This issue is a result of a software defect, not a security incident or cyberattack. CrowdStrike has identified the problem, isolated it, and deployed a fix. However, some systems may require manual intervention to recover fully. If you continue experiencing issues after following these steps, consider reaching out to CrowdStrike’s support team for further assistance.
MJ Sampsel
Cybersecurity Specialist and Team Lead
Additional Resources
- https://techcrunch.com/2024/07/19/what-we-know-about-crowdstrikes-update-fail-thats-causing-global-outages-and-travel-chaos/
- https://www.bbc.com/news/articles/cp4wnrxqlewo
- https://news.sky.com/story/it-outage-what-we-know-about-the-global-tech-meltdown-cloudstrike-and-microsoft-so-far-13180890
- https://www.abc.net.au/news/2024-07-19/what-is-crowdstrike-outage-explained/104120260
- https://www.technologyreview.com/2024/07/19/1095161/fix-windows-pc-microsoft-crowdstrike-outage/
- https://www.windowscentral.com/microsoft/mitigation-actions-microsoft-cloudstrike-outages
- https://mashable.com/article/windows-bsod-crash-crowdstrike-update-worldwide-outage
- https://www.tomshardware.com/software/windows/how-to-fix-cloudstrike-bsods-in-three-minutes-fix-requires-manual-changes-but-they-are-simple
Keep your mission-critical communication lines open and secure with InterTalk!
Contact InterTalk today to book a needs assessment to discuss your communication needs with our expert team.
Products

InterTalk Dispatch Console System
Powerful Radio Dispatch Solutions
Exact-fit dispatch solutions that direct all aspects of your control, communications, and intelligence infrastructure at a secure, single point of contact.

InterTalk Enlite™
Next Generation Cloud Ready Dispatch
Encrypted, secure & reliable, flexible dispatch solution with on-demand scalability providing operational continuity and mobility. Cloud or on-premises infrastructure.
Recent News
Enhancing Public Safety with Advanced Dispatch Systems
In high-stress emergencies, dispatchers make life-or-death decisions in mere seconds, handling over 240 million 9-1-1 calls annually in the U.S. alone.¹ An efficient dispatch system can mean the difference between saving a life or critical delays—making advanced...
InterTalk Modernizes Smiths Falls Fire Department’s Dispatch System to Expand Regional Coverage
Smiths Falls, ON, December 6, 2024 – InterTalk Critical Information Systems (InterTalk), in conjunction with its partner Frontline Communications, completed the replacement of the Smiths Falls Fire Department’s (SFFD) legacy dispatch console system with its InterTalk...
Enhancing First Responder Efficiency Through Retrieval-Augmented Generation (RAG)
In the wake of a natural disaster, such as the recent devastating Hurricane Helen that struck Florida, transportation infrastructure often suffers severe damage, creating significant challenges for first responders attempting to reach affected areas promptly. Heavy...