What is CrowdStrike? How a Cybersecurity Update Caused a Global Tech Blackout

A global technical outage has grounded airlines, knocked news channels off the air, taken banks offline and disrupted communications with 911 operators. On Friday, workers around the world woke up to find their computers unable to boot.

The reason for the outage is a single software update from cybersecurity firm CrowdStrike. The faulty update caused some Windows computers to display the Blue Screen of Death. In other words, instead of booting normally, the affected computers crash. The update did not affect Mac or Linux computers.

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” CrowdStrike CEO George Kurtz wrote in an X post Friday morning. “This is not a security incident or cyber attack. The problem has been identified, isolated and a solution has been implemented.”


Kurtz said there is a fix for the bug, but it doesn’t appear the outage will be resolved anytime soon.


“It may take some time for some systems to automatically recover, but our mission is to ensure every customer is fully recovered,” Kurtz said in an interview on NBC’s Today Show.

Kurtz also apologized for the outage: “We deeply regret any impact we caused.”

Video: Global technical outage impacts flights at Pearson Airport
What is CrowdStrike?

For those unfamiliar with CrowdStrike, it may come as a surprise that one company’s software update is shaking up the digital world.

CrowdStrike is one of the largest cybersecurity companies in the world, developing software to help companies detect and prevent hacks. The company’s software is widely used by Fortune 500 companies and enterprises worldwide to manage the security of Windows devices.


Even if a company does not use the CrowdStrike security platform, its operations could still be affected by this outage. Businesses that operate online often rely on other digital tools to manage their daily operations. If the companies that provide these digital tools run CrowdStrike software, all of their customers could be affected.

How could the malfunction have occurred?

The company’s popular Falcon Sensor software appears to be the source of the problem. Falcon is an antivirus platform used to protect “endpoints” such as laptops, servers, mobile devices, and point-of-sale systems. In order to monitor these endpoints for malicious software and suspicious activity, CrowdStrike software has deep access to the device’s operating system.

This is known as kernel-level access, referring to the core level of a computer’s operating system that facilitates interactions between software and hardware. Cybersecurity software often needs this highly privileged access so that it can inspect any part of the computer system that hackers might target.

The update CrowdStrike pushed appears to have affected the kernel-level driver CrowdStrike uses to monitor devices for malware, IT analysts said. The faulty code appears to interact with the Windows operating system and cause computers to crash.

These affected devices then get stuck in a cycle called boot looping, where the computer does not complete the normal boot procedure and restarts in a seemingly endless cycle.


What is the solution?

CrowdStrike says a patch has been released to fix the faulty software update, but that the issue is not immediately resolved.

This is because the computers affected by the outage cannot boot up and go online to receive the fix. Instead, IT administrators around the world must physically access each affected machine and remove the faulty driver file by hand.

CrowdStrike has published the following steps as a temporary workaround:

  1. Boot Windows into Safe Mode or Windows Recovery Environment
  2. Navigate to the folder C:\Windows\System32\drivers\CrowdStrike
  3. Find the file corresponding to “C-00000291*.sys” and delete it.
  4. Boot the host normally.
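The workaround above, scripted as an added example (not CrowdStrike’s own tooling, nor from this article) in PowerShell for the Windows Recovery Environment or Safe Mode: it discovers the Windows volume instead of assuming C:, because the recovery environment often assigns the installed system a different drive letter, and with -WhatIf it only reports what would be deleted. It assumes PowerShell is available in the recovery environment.

```powershell
# Added example: locate and remove the channel file(s) named in the published
# workaround (C-00000291*.sys under Windows\System32\drivers\CrowdStrike).
# Run from WinRE or Safe Mode, then reboot the host normally (step 4).
param(
    [switch]$WhatIf   # preview only: list matching files without deleting them
)

# WinRE may map the installed Windows volume to D:, E:, ... rather than C:,
# so check every mounted filesystem drive for the CrowdStrike driver folder.
$candidates = Get-PSDrive -PSProvider FileSystem |
    ForEach-Object { Join-Path $_.Root 'Windows\System32\drivers\CrowdStrike' } |
    Where-Object { Test-Path -LiteralPath $_ }

if (-not $candidates) {
    Write-Host 'No CrowdStrike driver folder found on any mounted volume.'
    exit 1
}

foreach ($dir in $candidates) {
    # Only the channel file pattern from the workaround is touched; every
    # other file in the folder is left in place.
    $hits = Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File -ErrorAction SilentlyContinue
    if (-not $hits) {
        Write-Host "No C-00000291*.sys file in $dir"
        continue
    }
    foreach ($f in $hits) {
        # Log name, size and timestamp before removal so the action is auditable.
        Write-Host ('{0}  {1} bytes  modified {2}' -f $f.FullName, $f.Length, $f.LastWriteTime)
        # -WhatIf:$WhatIf makes Remove-Item print the intended action instead of performing it.
        Remove-Item -LiteralPath $f.FullName -Force -WhatIf:$WhatIf
    }
}
```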

Others have found success by repeatedly rebooting the affected computers, in the hope that the CrowdStrike update will be pushed out over the network before the machine reaches the Blue Screen of Death.

© 2024 Global News, a division of Corus Entertainment Inc.



Kathryn Mannie
