Today, thousands of Windows machines are experiencing Blue Screen of Death (BSOD) issues at boot, severely impacting banks, airlines, TV broadcasters, supermarkets, and numerous other businesses globally. The cause of this widespread disruption has been traced back to a faulty update from cybersecurity provider CrowdStrike. This update is forcing affected PCs and servers into a recovery boot loop, rendering them unable to start properly.
The issue is not related to Microsoft but is instead due to third-party CrowdStrike software, which is extensively used by many organizations for managing the security of Windows PCs and servers.
Rapid spread of the problem
The alarm was first raised by Australian banks, airlines, and TV broadcasters as their systems started to fail. As the workday began in Europe, the issues rapidly spread. UK broadcaster Sky News faced significant disruptions and was unable to broadcast its morning news bulletins for hours, instead displaying an apology message for the interruption. Ryanair, one of Europe’s largest airlines, reported IT issues affecting flight departures, attributing the cause to a “third-party” problem.
Broader impact
In the United States, the Federal Aviation Administration (FAA) is assisting airlines like Delta, United, and American Airlines, which are experiencing communication issues. FAA spokesperson Jeannie Shiffer stated, “The FAA is closely monitoring a technical issue impacting IT systems at US airlines,” adding that several airlines have requested FAA assistance with ground stops for their fleets until the issue is resolved.
Berlin Airport has also warned travelers of potential delays due to “technical issues,” and 911 emergency call centers in Alaska have been affected. In India, one airline resorted to issuing handwritten boarding passes due to the outages.
CrowdStrike’s response
CrowdStrike CEO George Kurtz addressed the situation in a post on X (formerly Twitter), stating, “CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.”
While CrowdStrike has identified the issue and deployed a fix, repairing the affected machines presents a significant challenge for IT administrators. The root cause appears to be an update to the kernel-level driver used by CrowdStrike to secure Windows machines. Although the faulty update was swiftly reverted, reverting it does not help machines that are already affected.
Troubleshooting and workarounds
On Reddit, hundreds of IT administrators have reported widespread issues. The workaround steps involve booting affected machines into safe mode, navigating to the CrowdStrike directory, and deleting a specific system file. This process is particularly troublesome for cloud-based servers or remote Windows laptops.
One Reddit user reported their entire company was offline, while another mentioned that 70% of their laptops were stuck in a boot loop. Many IT admins are facing a challenging day ahead, with one remarking, “Happy Friday.”
Concurrent Microsoft 365 issues
In a separate incident, Microsoft is recovering from issues with its Microsoft 365 apps and services. The root cause was identified as a configuration change in a portion of their Azure backend workloads.
This dual set of problems underscores the complexity and fragility of the IT infrastructure that businesses rely on, highlighting the far-reaching impacts of software updates and the importance of robust testing and rapid response mechanisms.