This has not been a good day for literally any Windows PC on Earth. Businesses have been affected by a glitchy CrowdStrike security update, which is causing Windows computers to be hit by the Blue Screen of Death.
Normally, a Blue Screen of Death is isolated to an individual user’s frustrations, which are fixed by entering System Recovery. But the scope of this one is so massive that it’s impacting airlines, banks, TV channels, and even emergency services. You can follow along with the latest on this outage on our live blog.
What I want to do is take you through everything we know — what has happened so far, who has been hit, why it has happened, and what the potential fix is.
A short timeline of events
- At around 12:15am ET on Friday morning, mass outages were being reported on Down Detector — citing a Blue Screen of Death across a whole lot of IT systems. Australia’s home affairs minister said the outage seemed to be related to a CrowdStrike issue.
- Following this, several companies, including airports, banks and media companies, went down. Updates were posted on social media, pointing towards issues with Microsoft and CrowdStrike services.
- At 10:45am ET, CrowdStrike’s CEO posted a statement saying a “defect” was found in “a single content update to Windows hosts,” and that a “fix has been deployed.” Not much is known about the progress of said fix, as millions are still being hit hard by this.
Who is impacted?
This mass IT outage has hit a lot of companies across the globe. We’ve got a list of businesses and public services that you can check to see if they’ve been impacted.
Fortunately, it’s not *every* type of computer, as Mac and Linux users are not affected by this issue.
How did it happen?
Specific details of what caused this are a little thin on the ground, but it seems to be a one-two punch of CrowdStrike and Microsoft. Based on early reports, the CrowdStrike side seems to have been down to a security update that packed a bug, which knocked out systems.
Separately, Microsoft services also went down due to “Azure backend workloads,” which caused “connectivity failures.”
Is there a fix?
Sort of. From a global perspective, this is going to take a while. CrowdStrike CEO George Kurtz has issued a statement about it, saying it is “not a cyberattack,” and that the team is “fully mobilized to ensure the security and stability” of its customers.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We…” (July 19, 2024)
However, as The Verge’s Tom Warren correctly points out here, the fix CrowdStrike is deploying requires machines to be online, which is… let’s say unlikely given what has happened.
On top of that, there are concerns that this issue will require a “human visit to every machine” to reboot each one with a USB stick. So be extra nice to your IT admins today — they’ve got a mountain ahead of them!
However, there are three different workarounds — one published by CrowdStrike itself and two from Neowin that may work. If you’re experiencing this yourself, follow the steps below.
Method 1
- Start up your Windows PC in Safe Mode
- Head over to C:\Windows\System32\drivers\CrowdStrike in File Explorer
- Search for a file called "C-00000291*.sys" and delete it
- Restart the PC in regular mode
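Method 1 written out as a PowerShell script, for admins who have to repeat it across many machines. This is an added example, not a script from CrowdStrike, Neowin or this article; it assumes an elevated PowerShell prompt in Safe Mode, and the log file path is a hypothetical name chosen for the example.

```powershell
# Added example: Method 1 (delete C-00000291*.sys) with a dry run and an audit log.
# Save as a .ps1 file; run with -WhatIf first to list what would be deleted.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Folder and file pattern exactly as given in Method 1.
    [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
    [string]$Pattern   = 'C-00000291*.sys',
    # Hypothetical log location chosen for this example.
    [string]$LogPath   = "$env:SystemDrive\method1-removed-files.csv"
)

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Warning "Folder not found: $DriverDir. Nothing to do on this machine."
    return
}

# Match only the pattern from Method 1; leave every other file in the folder alone.
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -ErrorAction Stop)
if ($targets.Count -eq 0) {
    Write-Output "No files matching $Pattern in $DriverDir."
    return
}

foreach ($file in $targets) {
    # Capture details before deletion so each host keeps a record of what was removed.
    $record = [pscustomobject]@{
        Host         = $env:COMPUTERNAME
        Path         = $file.FullName
        SizeBytes    = $file.Length
        LastWriteUtc = $file.LastWriteTimeUtc.ToString('o')
        Sha256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        RemovedUtc   = (Get-Date).ToUniversalTime().ToString('o')
    }
    # ShouldProcess returns $false under -WhatIf, so nothing is deleted or logged.
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete file matching Method 1 pattern')) {
        Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
        $record | Export-Csv -LiteralPath $LogPath -Append -NoTypeInformation
        Write-Output "Removed $($file.FullName)"
    }
}
Write-Output 'Finished. Restart the PC in regular mode (last step of Method 1).'
```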
Method 2
- Open Command Prompt from Recovery options
- Head over to C:\Windows\System32\Drivers
- Change the name of CrowdStrike to Crowdstrike_Old
- Restart the PC
Method 3
- Start up your Windows PC in Safe Mode
- Open Windows Registry
- To stop csagent.sys, which seems to be causing the impact, from loading, change the value of the key “HKLM:\SYSTEM\CurrentControlSet\Services\CSAgent\Start” from 1 to 4
- Restart the PC
Let us know in the comments if any of these options don’t work!