CrowdStrike, a Texas cybersecurity firm, updated its Falcon Sensor product last Friday, triggering a major global outage that affected numerous Microsoft services.
The disruption wasn’t limited to Microsoft’s applications; services utilizing Microsoft technologies like Azure also experienced significant failures. This outage impacted various sectors worldwide, including airports, banks, and media outlets, leading to flight delays, booking errors, broadcast failures, and payment issues.
Tesla and SpaceX CEO Elon Musk called the incident the “biggest IT fail ever.” As the situation stabilizes, here are five crucial points to understand about this significant Microsoft global outage:
1. Root Cause:
The issue originated from a content update deployed by CrowdStrike for its Falcon Sensor software. CrowdStrike identified a failure in the “csagent.sys” system file as the culprit. Microsoft reported this error under the STOP code “PAGE_FAULT_IN_NONPAGED_AREA” on Windows devices.
2. Errors Encountered:
Problems began around 6 PM ET, affecting users in Microsoft’s Central US region trying to access Azure services. Many PC users encountered the dreaded ‘blue screen of death,’ and attempts to restart resulted in devices entering continuous boot loops.
3. Global Impact:
The CrowdStrike update error caused widespread disruptions. IT firms, airports, and banks reported operational challenges. Major airlines, including Delta, United, and American Airlines, temporarily halted flights in the US. In India, airlines like Akasa Air and Indigo also reported disruptions. In the UK, users faced difficulties with card payment processing. Media outlets such as the UK’s Sky News, CBBC, and Australia’s ABC News experienced broadcasting issues.
4. Response and Resolution:
Microsoft undertook several mitigation actions and worked on redirecting traffic to unaffected systems. CrowdStrike’s CEO, George Kurtz, confirmed that the root cause had been identified and resolved with a patch. He clarified that the mishap stemmed from a defect in a content update specifically for the Windows platform, not from a security breach or cyberattack.
5. Temporary Workaround:
For those still experiencing issues, CrowdStrike has recommended a temporary fix. Affected users should start their Windows device in Safe Mode or access the Windows Recovery Environment to navigate to system settings. Deleting a file named “C-00000291*.sys” has been suggested to resolve the ongoing problems.