A global outage impacted over 8.5 million machines running the Windows operating system.
A faulty content update from CrowdStrike disrupted business operations across the globe. The incident was more than an outage, though: it raised questions about how security updates are tested, what kernel-level security software can do to a system, and how much business depends on a handful of vendors. Let's look at everything that happened.
The global Microsoft and CrowdStrike outage brought many Windows systems to a standstill. It affected not only ordinary users but, far more gravely, organizations across many business sectors. In this post, we'll discuss the CrowdStrike issue in detail and consider what could happen if such a meltdown occurs again.
Overview Of The Microsoft CrowdStrike Global Outage
It all started at 04:09 UTC on 19th July 2024 (just after midnight US Eastern time), when a content update rolled out by CrowdStrike began crashing Windows hosts. After receiving the update, many Windows users encountered the infamous blue screen of death. Other systems got stuck in boot loops or showed recovery messages such as "It looks like Windows didn't load properly".
Reason Behind Microsoft CrowdStrike Outage
The issue was caused by a faulty content update (CrowdStrike calls these Rapid Response Content updates; the file involved was Channel File 291) that made CrowdStrike's Falcon sensor malfunction. Falcon runs as a kernel-mode driver, which gives it the privileges it needs to monitor activity across the whole operating system, but also means that a fault in the sensor is a fault in the kernel itself.
The update triggered a logic error in Falcon sensor version 7.11 and above, causing the sensor to crash. Because the sensor runs inside the Windows kernel, the crash took Windows down with it, producing the blue screen of death (BSOD) and, on many hosts, a boot loop as the sensor loaded and crashed again on every start.
Here is a tweet from George Kurtz, the CEO of CrowdStrike, confirming that the incident was not a cyberattack.
Business Sectors Impacted By Global Microsoft Windows Outage
The CrowdStrike issue mainly hit large organizations rather than individuals. The reason is that CrowdStrike's Falcon sensor is deployed by thousands of large organizations across the globe to protect their endpoints and data; it identifies indicators of attack on each host in real time, which is why it needs kernel-level access.
Microsoft products such as Azure, Power BI, Teams, Microsoft 365, Microsoft Fabric, and Viva Engage also suffered a disruption in the same window, as discussed in this post. Microsoft attributed that disruption to a configuration change in its Azure Central US region rather than to the CrowdStrike update, but the two incidents overlapped in time and were widely reported together.
The Microsoft global outage caused by the CrowdStrike issue disrupted operations across various sectors. There were major disruptions at international airports, emergency services, hospitals, banks, stock exchanges, IT firms, and media outlets.
A Glimpse of How Various Sectors Were Impacted
● Airlines - Over 10,000 flights across the globe were canceled until the systems were restored.
● Media outlets - Various media and broadcast outlets were taken off air because of the outage.
● Healthcare - There were disruptions in appointment systems, and some US states reported that emergency services, including 911 call centers, were affected.
● Banking - Multiple payment platforms were affected globally, so much so that some employees expecting their paychecks did not receive them on time.
Probable Workaround
Microsoft and CrowdStrike identified an issue affecting Windows endpoints running the CrowdStrike Falcon agent. The following workaround, published by CrowdStrike, recovers a host that can no longer boot -
Step 1 - Boot into Windows Recovery Environment (WinRE) or Safe Mode.
Step 2 - Navigate to the C:\Windows\System32\drivers\CrowdStrike directory. In WinRE the installed Windows volume may be mounted under a drive letter other than C:, so check which drive actually holds the directory.
Step 3 - Locate the file matching C-00000291*.sys and delete it. Delete only this channel file and leave the other files in the directory in place.
Step 4 - Boot the host normally. Once the sensor reconnects, it downloads the corrected channel file on its own.
If the system drive is protected by BitLocker, WinRE will prompt for the recovery key before the volume can be read, so have the key available (from Active Directory, Microsoft Entra ID, or your key escrow) before starting.
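As an added example (not part of the original post, and not a CrowdStrike or Microsoft tool), the following PowerShell script carries out Steps 2 to 4 above in one go. It assumes an elevated PowerShell prompt in Safe Mode, or WinRE/WinPE media that includes the PowerShell optional component (the default WinRE command prompt may not have it), and that a BitLocker-protected volume has already been unlocked. The -SystemDrive parameter, the drive search and the messages are the example's own; the 04:09 and 05:27 UTC timestamps are the ones CrowdStrike's tech alert used to tell the faulty channel file from the reverted one.

```powershell
# Added example: not part of the original post and not a CrowdStrike or Microsoft tool.
# Automates Steps 2-4 of the workaround: locate the Falcon driver directory on the
# Windows volume and remove the Channel File 291 family (C-00000291*.sys).
# Assumptions: elevated PowerShell in Safe Mode, or WinRE/WinPE media that includes
# PowerShell; a BitLocker-protected volume has already been unlocked, e.g.
#   manage-bde -unlock D: -RecoveryPassword <48-digit key>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # In WinRE the installed Windows volume is often NOT C:; leave empty to search
    # every mounted drive for the CrowdStrike driver directory.
    [string]$SystemDrive = ""
)

$relPath = "Windows\System32\drivers\CrowdStrike"

function Find-CrowdStrikeDirs {
    param([string]$Drive)
    if ($Drive) {
        $roots = @(Join-Path $Drive "\")
    } else {
        # A BitLocker volume that is still locked lists no files, so it is skipped here.
        $roots = Get-PSDrive -PSProvider FileSystem |
                 Where-Object { $_.Root -match '^[A-Za-z]:\\$' } |
                 ForEach-Object { $_.Root }
    }
    foreach ($root in $roots) {
        $dir = Join-Path $root $relPath
        if (Test-Path -LiteralPath $dir -PathType Container) { $dir }
    }
}

$dirs = @(Find-CrowdStrikeDirs -Drive $SystemDrive)
if ($dirs.Count -eq 0) {
    Write-Error "No CrowdStrike driver directory found. Check the drive letter, and unlock BitLocker first if the volume is encrypted."
    exit 1
}

# Timestamps from CrowdStrike's tech alert: the faulty file was written at 04:09 UTC on
# 19 July 2024; a file written at 05:27 UTC or later is the reverted (good) version.
$badTime = [datetime]::new(2024, 7, 19, 4, 9, 0, [DateTimeKind]::Utc)
$fixTime = [datetime]::new(2024, 7, 19, 5, 27, 0, [DateTimeKind]::Utc)

$removed = 0
foreach ($dir in $dirs) {
    # Only the 291 channel file is implicated; every other C-*.sys file stays in place.
    $files = @(Get-ChildItem -LiteralPath $dir -Filter "C-00000291*.sys" -File)
    if ($files.Count -eq 0) { Write-Output "$dir : no C-00000291*.sys present"; continue }
    foreach ($f in $files) {
        $ts = $f.LastWriteTimeUtc
        if ($ts -ge $fixTime) {
            Write-Output ("{0} written {1:u}: already the reverted build, keeping it" -f $f.FullName, $ts)
            continue
        }
        $verdict = if ($ts -ge $badTime) { "faulty build" } else { "pre-incident build" }
        if ($PSCmdlet.ShouldProcess($f.FullName, "Remove $verdict written $($ts.ToString('u'))")) {
            Remove-Item -LiteralPath $f.FullName -Force
            $removed++
        }
    }
}
Write-Output "Removed $removed file(s). Reboot normally; the sensor fetches the corrected Channel File 291 once it reconnects."
```

Run it with -WhatIf first to see which files would be removed. It deliberately leaves a Channel File 291 whose write time is already 05:27 UTC or later, because that host already has the corrected file and only needs a normal reboot; deleting any other match is harmless, since the sensor re-downloads the current channel file as soon as it reconnects.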
Recovery Tool To Help With CrowdStrike
Microsoft has released a signed recovery tool as a follow-up to the CrowdStrike Falcon agent issue affecting Windows servers and clients. The tool automates the manual steps in KB5042426 (Windows Server) and KB5042421 (Windows client). You can download it from the Microsoft Download Center.
Once you have downloaded it, refer to the documentation and run the tool. It offers two repair options -
- Recovery from Windows PE. The tool builds bootable media that starts Windows PE and removes the faulty file automatically, without anyone signing in to the affected device; a BitLocker recovery key is still required for encrypted devices.
- Recovery from safe mode. The tool builds media that boots the affected device into safe mode, where an administrator signs in with local administrative privileges and runs the repair steps.
How Are Threat Actors Exploiting CrowdStrike Outage?
Incidents like this open opportunities for malicious actors to prey on unsuspecting users: they use the confusion to spread malware, run scams and steal data. Here is how threat actors moved to exploit the global Microsoft outage -
- Several malicious domains, such as crowdstrikebluescreen[.]com and crowdstrikefix[.]com, were registered within hours of the outage; within the first 24 hours, around 40 typosquat domains targeting CrowdStrike users had been registered. Most of these sites scam users by soliciting payment for a BSOD "fix".
- CrowdStrike itself warned of threat actors distributing a ZIP file named "crowdstrike-hotfix.zip" that carried a remote access trojan (RAT). More details are on CrowdStrike's own blog.
- One campaign directly impersonates the Microsoft Recovery Tool. It distributes a Word document carrying the same instructions as Microsoft's own blog post announcing the tool, and even includes a legitimate Microsoft URL, which makes it look authentic. Opening the document and enabling its macro installs malware.
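As an added example (not part of the original post and not a CrowdStrike detection rule), the following PowerShell snippet shows one way a security team could spot this kind of outage-themed lure in web-proxy logs: brand names appearing in domains the vendor does not own, and brand-named downloads such as a "hotfix" ZIP or a macro-enabled "recovery tool" document. The log lines, the log format (timestamp, client IP, host, path), the brand list, the allow list and the keyword list are all constructed for the example; a real deployment would feed the same logic from the proxy's actual export and maintain the allow list from the organisation's own records.

```powershell
# Added example: not part of the original post and not a CrowdStrike detection.
# Flags outage-themed lures in constructed web-proxy log lines (format invented for the
# example: timestamp, client IP, host, path). Adapt the split to your proxy's export.

$sampleLog = @'
2024-07-19T08:12:03Z 10.20.1.17 falcon.crowdstrike.com /updates/channel
2024-07-19T08:14:41Z 10.20.1.42 crowdstrikefix.com /bsod-repair-service
2024-07-19T08:15:02Z 10.20.1.42 crowdstrikebluescreen.com /pay
2024-07-19T08:20:19Z 10.20.1.63 cdn.microsoft-recovery-tool.net /MicrosoftRecoveryTool.docm
2024-07-19T08:22:55Z 10.20.1.81 www.microsoft.com /en-us/download
2024-07-19T08:25:10Z 10.20.1.90 files.example.org /crowdstrike-hotfix.zip
'@

# Brands the lures impersonate, and the registrable domains those brands legitimately use.
$brands         = @('crowdstrike', 'microsoft')
$legitDomains   = @('crowdstrike.com', 'microsoft.com', 'windows.com')  # extend from your own allow list
$themeKeywords  = @('fix', 'hotfix', 'bsod', 'bluescreen', 'recovery', 'repair', 'patch')
$lureFileSuffix = '\.(zip|docm|doc|exe|bat|ps1)$'

function Get-RegistrableDomain {
    param([string]$HostName)
    # Naive: last two labels. Fine for .com/.net/.org; multi-part suffixes (co.uk) need a PSL lookup.
    $labels = $HostName.ToLowerInvariant().Split('.')
    if ($labels.Count -lt 2) { return $HostName.ToLowerInvariant() }
    return ($labels[-2..-1] -join '.')
}

function Test-OutageLure {
    param([string]$HostName, [string]$Path)
    $reg  = Get-RegistrableDomain $HostName
    $hits = @()
    foreach ($b in $brands) {
        # Brand name inside a domain the brand does not own: the typosquat pattern.
        if ($reg -like "*$b*" -and $legitDomains -notcontains $reg) {
            $hits += "brand '$b' in non-official domain $reg"
        }
    }
    $fname = ($Path -split '/')[-1]
    if ($fname -match $lureFileSuffix) {
        foreach ($b in $brands) {
            # Brand-named archive, macro document or executable: the crowdstrike-hotfix.zip pattern.
            if ($fname -match $b) { $hits += "brand-named download $fname" }
        }
    }
    $hasTheme = @($themeKeywords | Where-Object { $HostName -match $_ -or $Path -match $_ }).Count -gt 0
    # Theme words alone are ordinary traffic; they only raise severity once a brand hit exists.
    $severity = if ($hits.Count -eq 0) { 'none' } elseif ($hasTheme) { 'high' } else { 'medium' }
    [pscustomobject]@{ Host = $HostName; Path = $Path; Severity = $severity; Reasons = ($hits -join '; ') }
}

$findings = foreach ($line in ($sampleLog -split "`n")) {
    $line = $line.Trim()
    if (-not $line) { continue }
    $ts, $client, $hostName, $path = $line -split '\s+', 4
    $r = Test-OutageLure -HostName $hostName -Path $path
    if ($r.Severity -ne 'none') {
        $r | Add-Member -NotePropertyName Client -NotePropertyValue $client -PassThru
    }
}
$findings | Format-Table Severity, Client, Host, Path, Reasons -AutoSize
```

On the constructed lines this reports the two typosquat domains, the fake recovery-tool document and the hotfix ZIP as high severity and leaves the legitimate crowdstrike.com and microsoft.com traffic alone. The registrable-domain helper takes the last two labels, which is enough for the .com/.net/.org lures seen during the outage but misclassifies multi-part suffixes such as co.uk, so use a Public Suffix List lookup in production.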
What Can Businesses Do to Tackle Global Outages?
We can’t deny the fact that any industry today relies heavily on technology. And, as is evident from this tech meltdown, such outages can bring business operations to a standstill. This can further impact the customers who need to be served on priority. Let’s have a look at a few practices that businesses can undertake to tackle such incidents -
● First, businesses should have manual workarounds in place for when technical snags surface. It may sound like a pre-digital fallback, but it ensures customers are still served during a technical outage.
● Updates, especially to mission-critical systems, should be tested in a staging environment and rolled out in stages rather than pushed to the whole fleet at once. That way any risk is caught with time in hand.
● Have backup systems in place (even if that means redundant infrastructure) to minimize downtime and maintain continuity of operations.
● Since fake recovery tools and advisories are circulating, businesses should be careful about whom they accept help from. CrowdStrike Intelligence itself recommends that customers seeking help communicate only with CrowdStrike representatives through official channels.
Is The Microsoft CrowdStrike Outage Resolved?
In most cases everything seems to be up and running. However, many users across the globe are still experiencing issues, especially with Microsoft 365 services such as Outlook, Microsoft Teams, and others.
Why Were So Many Businesses Affected?
The massive outage can be attributed to reasons like the ones mentioned below.
● Heavy reliance on products from one company, Microsoft for daily business operations.
● Dependence on cloud-based services - The centralization of data and critical operations in the hands of a few providers.
● Interdependence of interlinked systems, so that a failure in one propagates to the others.
● Reliance on third-party security products that run deep inside the operating system.
To Sum Up
Whether as an individual or as a business owner, how did the Microsoft outage affect you and the people you serve? Are you able to run your business smoothly again? Share your experience in the comments section below. We'd also like to know what steps you will take if such an outage strikes again.