Microsoft Outage Linked to Crowdstrike Takes Down Systems Worldwide
D2admin, July 19, 2024

Banks, airports, TV stations, hotels, and numerous other businesses are experiencing extensive IT outages, resulting in grounded flights and significant disruptions, due to widespread errors on Windows machines.

In the early hours of Friday, companies in Australia using Microsoft’s Windows operating system began reporting Blue Screens of Death (BSODs). Soon after, reports of disruptions poured in from around the world, including the UK, India, Germany, the Netherlands, and the US. TV station Sky News went offline, and US airlines United, Delta, and American Airlines issued a “global ground stop” for all flights.

The widespread Windows outages have been traced to a software update from cybersecurity company CrowdStrike. Cybersecurity officials believe the issues are not due to a malicious cyberattack but rather a misconfigured or corrupted update that CrowdStrike deployed to its customers.

CrowdStrike engineers are addressing the issue affecting their Falcon Sensor product. Falcon, described by CrowdStrike as “a platform specifically designed to stop breaches through a unified set of cloud-delivered technologies that prevent all types of attacks, including malware and more,” is currently experiencing problems.

WORKAROUND

Brody Nisbet, the director of overwatch at CrowdStrike, posted a workaround on X:

1. Boot Windows into Safe Mode or WRE.

2. Go to C:\Windows\System32\drivers\CrowdStrike

3. Locate and delete file matching “C-00000291*.sys”

4. Boot normally.
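For administrators scripting steps 2 and 3 on a machine already booted into Safe Mode, the following is an added example, not code from CrowdStrike, Microsoft or the original post. It records each matching file's size, timestamp and SHA-256 before deleting it, so the change can be audited afterwards. The function name `Remove-CrowdStrikeFile291` and the log location are assumptions; the directory and file pattern are the ones given in the steps above.

```powershell
# Added example: run from an elevated PowerShell prompt in Safe Mode.
# Remove-CrowdStrikeFile291 is a hypothetical helper name, not a vendor tool.
function Remove-CrowdStrikeFile291 {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Directory and pattern come from the workaround steps.
        [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
        [string]$Pattern   = 'C-00000291*.sys',
        # Assumed location for the audit record; change as needed.
        [string]$LogPath   = "$env:SystemDrive\cs-workaround-$env:COMPUTERNAME.csv"
    )

    if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
        Write-Warning "Directory not found: $DriverDir"
        return
    }

    # -File excludes directories; -Force includes hidden or system files.
    $targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
    if ($targets.Count -eq 0) {
        Write-Output "No file matching $Pattern in $DriverDir; nothing to do."
        return
    }

    foreach ($file in $targets) {
        # Capture metadata and hash before removal; the file is gone afterwards.
        $record = [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            Path         = $file.FullName
            Length       = $file.Length
            LastWriteUtc = $file.LastWriteTimeUtc.ToString('o')
            SHA256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            RemovedAtUtc = (Get-Date).ToUniversalTime().ToString('o')
        }
        # Honors -WhatIf and -Confirm; nothing is deleted unless approved.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete file')) {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $record | Export-Csv -LiteralPath $LogPath -Append -NoTypeInformation
            $record
        }
    }
}

# Preview only. Drop -WhatIf to delete, then boot normally (step 4).
Remove-CrowdStrikeFile291 -WhatIf
```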

While there is a manual workaround that can help, there is currently no systemwide patch to correct this update. This blog will update as new information is released.

Update from Microsoft: https://x.com/MSFT365Status

Title: Users may be unable to access various Microsoft 365 apps and services

User impact: Users may be unable to access various Microsoft 365 apps and services.

More info: Users may notice that some of the affected users are seeing relief as we continue to mitigate the impact.

Impacted services may include but are not limited to the following:

– PowerBI: Users may notice that their service is in read-only mode while we address impact.

– Microsoft Fabric: Users may notice that their service is in read-only mode while we address impact.

– Microsoft Teams: Users may be unable to leverage Microsoft Teams functions including presence, group chats, and user registration.

– Microsoft 365 admin center: Admins may be intermittently unable to access the Microsoft 365 admin center and any action may be delayed if accessible.

Current status: The underlying cause of the issue has been fixed and several Microsoft 365 apps and services have been restored to full functionality. Residual impact is still affecting some Microsoft 365 apps and services, and Microsoft 365 engineering are continuing to conduct additional mitigation actions to provide relief. We’re continuing to observe an increase in functionality and availability for the remaining impacted scenarios and we’re monitoring this closely to ensure we’re progressing towards full recovery. Microsoft is continuing to treat this event with the highest possible priority.

Scope of impact: This issue may be impacting any user attempting to use various Microsoft 365 apps and services.

Start time: Thursday, July 18, 2024, at 9:56 PM UTC

Preliminary root cause: A configuration change in a portion of our Azure backend workloads caused interruption between storage and compute resources, which resulted in connectivity failures that affected downstream Microsoft 365 services dependent on these connections.