Microsoft CloudStrike Defect Launches ‘Blue Screen of Death’ Worldwide
“This is what Y2K wishes it was.”
Businesses, hospitals, government agencies, and airlines are now dealing with the consequences of a massive IT failure after Microsoft experienced a massive meltdown entangling millions in the worldwide web.
Hundreds of thousands of computers running on Windows were knocked offline or stuck on so-called ‘blue screens of death.’
Banks, airlines, television networks, trains and healthcare systems reported widespread outages starting around 2am ET.
The chaos was due to a defect in a single content update by Crowdstrike, a US-based cybersecurity firm used by Microsoft, the company shared at 5:30am ET.
Crowdstrike assured the public that the outage was not caused by a cybersecurity attack and that it could take up to 36 hours to fix, analysts told DailyMail.com.
The company’s CEO George Kurtz indicated that the entire outage was the result of a defect found in a single content update for Windows hosts.
“This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed,” he said on social media. One expert suggested it may be the “largest IT outage in history.”
Separately, Microsoft cloud services were restored after an outage, the company said on Friday, even as many users continued to report issues.
The defect was also compounded by another problem related to the cloud service system, Azure.
The chaos stemmed from an update sent by CrowdStrike, a cybersecurity company based in Austin, Texas, to businesses that use its software to protect against hackers and online intruders. But when CrowdStrike’s new code reached computers that run Microsoft Windows software, the machines began to crash.
…The CrowdStrike flaw was not the only problem facing Microsoft. On Thursday, some Microsoft clients in the central United States, including some airlines, were affected by an outage on its cloud service system, Azure. Microsoft’s cloud service status page indicated that it had identified a preliminary cause, though some users may still be unable to access certain Microsoft 365 apps and services, including Teams video conferencing.
The fix to this defect seems to be challenging to address.
I don't think you guys fully grasp how big this is.
Around a billion computers are bricked worldwide, mostly corporate ones.
This isn't just an online service going down for a few hours. Every affected computer needs to be rebooted in fail mode and have a driver manually… pic.twitter.com/khHe4edchB
— Ray (@raymo_g) July 19, 2024
Correcting the glitchy software’s resolution is labor intensive. As one commenter noted, “This is what Y2K wishes it was.”
But simply restarting might not fix the issue, users report. On Reddit, IT workers discussed the dizzying scope of the outage.
“This is what Y2K wishes it was,” one user commented. Others said the outage was the worst they’ve seen and noted the multiple steps they’re taking to get their employers back online.
…Most of the work of getting systems working again will fall to IT professionals working for organizations. But people at home can attempt to work around the blue screen of death as well.
Your best bet right now is to restore your computer to a version before the update. To do so, power on your PC, but before it can launch, press and hold the power button to turn it back off. Do this three times in a row, and after the third time, you should see some advanced settings appear. Go to “advanced options,” then “system restore.”
Many businesses are now reevaluating their involvement with Crowdstrike.
Tech mogul Elon Musk has announced he has removed Crowdstrike from all his systems amid the ongoing glitch.
The SpaceX and Tesla CEO made the announcement on social media platform X.
We just deleted Crowdstrike from all our systems, so no rollouts at all
— Elon Musk (@elonmusk) July 19, 2024
The timing of this could not be worse for the airline industry, which is in the middle of the heavy summer travel season.
CROWDSTRIKE Airline Outage 12 Hour TimeLapse
Major U.S. airlines have grounded flights and there are global delays. United, American and Delta have ordered a “global ground stop,”
The clearest skies since 9/11https://t.co/9mpEGSIJaT
— MJTruthUltra (@MJTruthUltra) July 19, 2024
Air travel was immediately hit, as carriers depend on smooth scheduling that, when interrupted, can ripple into lengthy delays. Out of more than 110,000 scheduled commercial flights on Friday, 2,691 have been cancelled globally and more are expected to be called off, according to aviation analytics firm Cirium.
Airports from Los Angeles to Singapore, Amsterdam and Berlin said airlines were checking in passengers with handwritten boarding passes, causing delays.
Of course, this is on top of all the government agencies, medical facilities, and other business entities that were also impacted.
Until this is all resolved, it appears that the “Internet of Things” has temporarily succumbed to the “Blue Screen of Death”.
DONATE
Donations tax deductible
to the full extent allowed by law.
Comments
Golly gee whiz… Maybe this whole creation of a dependence on a centralized system for damn near everything isn’t such a hot idea. No redundancy and/or allowing establishment of single point of failure vulnerability is dumb, it saves money short term but when it goes wrong it goes very wrong.
System is way too delicate and QC is way too lax if this can happen so carelessly.
Why is anyone blaming Microsoft?
CrowdStrike, is an add on software.
It’s like blaming Ford because someone bought cheap gasoline.
I dislike the Microsoft corporation but I didn’t screw up my computer by adding on CrowdStrike. So my computer is working as intended.
CrowdStrike is the company that the FBI relied on, without submitting evidence, that the DNC server was hacked by Trump friendly Russians.
Well, because it only affected hosts running on Microsoft windows. If you’re running a Mac or if you’re running Linux you were not affected.
“It’s like blaming Ford because someone bought cheap gasoline.”
Or, the latest trend of blaming Boeing because United doesn’t have personnel who know how to bolt a wheel onto a landing gear, or for when an engine (NOT made by Boeing) has a compressor stall on takeoff.
Companies need to seriously reconsider running their own servers v cloud and using their own IT dept to push updates on their own schedule after internal testing. If MSFT is too ‘buggy’ and needs constant updates v being well written from the start before release/deployment that’s a separate issue.
Came here to say the same thing, and I’m not a Microsoft apologist in any way. I read a lengthy, technical explanation about what happened from a C++ programmer on X. He went line-by-line into the absurd programming errors. Crowd Strike owns this, 100%. There really needs to be an explanation/investigation into how an update could have been distributed that had such glaring errors.
But, hey, let’s get rid of cash and move to CBDCs! What could go wrong?
Glad I never moved past Windows 7.
I still have one computer running 7, although it’s becoming a challenge. I’ve discovered that it has a lot of internal recovery software that I never knew existed. I’ve gotten it to recover from a wide variety of crashes and hard drive malfunctions, although it’s gotten a little slower.
Do a reinstall to recover lost speed.
Microshit has become increasingly intrusive, just so many obnoxious things.
Install Linux Mint Cinnamon, I am in the process of migrating about 15 computers right now. I am ditching Roku for the same reasons. They are another company pushing garbage on customers.
Run the disc cleanup utility to gain back some speed. Although Windows has made VERY good leaps in “housekeeping” over the years there can still be a lot of stuff being piggy about storage space.
All my machines are on Windows 11. Given my d’ruthers I’d be running 7 or XP. The 11 runs fine, but is becoming just to blasted gunked up with stuff I don’t want, like Co-Pilot, a thing with various news and other bits I do not want, and other such things.
I am > this close < to downloading a bunch of different Linux packages and trying them via thumb-drive to see which I get along with the best. If anyone has any suggestions I am open to them. My geek days are just about over, so please, don't suggest some SlackWare thing where I have to tweak and poke and prod just to get it to work. I'm thinking Ubuntu or Mint. I just want something that resembles either Windows or iOS desktops and I will be fine.
I liked 7. We had very few problems with it. The real issue, IMO, is the subscription model v the licencing/ownership model. With one framework the product needs to be more ‘complete’ or maybe independent is a better word, requiring less time and attention b/c it is done by consumers and in house IT dept. In the cloud and subscription model the updates are centralized and the product can be released with more issues to be corrected later as ‘part of the service’.
You might look at ZorinOS as well, Its Ubuntu derived with a focus on ease of use and it has built in themes to resemble Windows or Mac automatically if you pay for the ~$50 version.
No Linux is without some amount of learning curve though, you’ll get more out of it eventually if you take the time.
News here is the only air carrier unaffected was Southwest Airlines, who still run… Windows 3!
According to CNBC, the big problem with CrowdStrike is that it doesn’t just run on the central servers that want to be protected… it also has to run on every computer that accesses that server, even outside the company. So banks, shippers, suppliers, travel agents, anybody who interfaced with an airline using CrowdStrike also had to have CrowdStrike installed on their gear. With the result that even though the central companies with the big IT departments are now back up, their stakeholders are still down.
Just think of Crowdstrike as a vaccine that can give third parties the original disease. We’ve never heard of that happening before… have we Bill?
Bill?
Bill?
CrowdStrike. The guys that manufactured a fake Russian hack of the DNC. Yeah, who wouldn’t trust them?
Yep. That company that was part of that whole “Grizzly Steppe”, Russian hack bullsh*t. The retards claimed that phishing a moron was such a sophisticated operation that it had to be a “state actor”. LOL. They should have been put out of business right then and there. Crowdstrike are utter treasonous scum.
It’s very interesting that none of the articles talking about this collasal failure bother to even mention that.
“It’s very interesting that none of the articles talking about this collasal failure bother to even mention that.”
Yes, it is. But, not unexpected. One has to keep the narrative going, and this is doing it by omission.
I wondered how long it was going to take for someone to remember that.
To be completely accurate, this was a “CrowdStrike” buggy driver update that broke Windows systems, not a Microsoft update.
The fact that Windows software is shitty notwithstanding, this one falls on CrowdStrike’s shoulders. They should have been working on their patch QA and testing environments rather than helping the Democrats with their political aims.
I suspect that they’re not going to be around much longer after this debacle.
I bet their DEI stats are primo!
My whole agency spent the whole day with remediation. There were at least 1,500 servers and 25,000 workstations out of service when I went home. I expect the weekend will be full of overtime hours getting those back online, since there is no automated fix and a person has to get to each of those workstations.
In just salary and overtime, that’s a lot of taxpayer dollars down the drain. I hate to think of the damage to real, productive organizations.
How do we know these lying f*cks didn’t just root every effected box?
Because they already had that degree of access anyway.
I suspect you’re correct if this was a driver it was already ring zero
Welcome to … The Shitternet
These updates should be not be deployed in one big bang. Instead these updates should be progressively deployed with sufficient time between successive waves to ascertain that the updates were successful. Because of current software complexity, there is no technology that will allow for a proof of correctness. Current SW development methodology and verification can only reduce the presence of defects to very low probabilities.
Crowdstrike, a global cyber security corporation based in TX., was tasked with investigating ‘questions’ surrounding Russian ‘interference’ w/ the 2016 & 2020 election. *wink *wink
From the crowdstrike website: “…As a longstanding leader in defending elections globally, CrowdStrike understands the importance of these efforts and we want to do our part to help raise and sustain awareness.”
Uh, huh. Since the voting public has the attention span of a gnat, tell me this ‘blue screen of death’ affecting computers worldwide wasn’t a dry run to crash it all come this November’s election.
Go on. Tell me this wasn’t a dry run. I’ll wait.
My son reports that voting machines in Maricopa County were involved in the outage.
But this can’t possibly be true, since we are assured that voting machines are never connected to the Internet, and so could not possibly have even NEEDED this software.
No, voting machines were not affected. They’re not even being used.
The machines affected are the ones used to check a voter in, verify their eligibility and print their ballot. Those usually are connected to the ‘net, so they can access the voter database. It’s counting machines that we’re assured are never connected to the ‘net, and that may well be true; it also may not be, but since nobody’s counting votes at this time, they wouldn’t be affected by this anyway.
The machines affected are those used to PRINT ballots, which you can’t cast your vote in Maricopa County without. (It’s now too late to request mailed paper ballots for our primaries.)
If you recall, the 2022 cockup was also solely due to the ballot PRINTING machines, in heavily red neighborhoods, printing the wrong size image, not any faults in the ballot COUNTING machines. And that was enough to skew the whole election.
The whole on-demand paper ballot scam is fertile with opportunities for ballot fraud. They “require” networked machines when there is no such requirement in the basic problem statement of running an election.
The county-ballyhooed ability for a Gila Bend voter to show up 75 miles from home to cast his vote in Cave Creek, and receive a ballot with all the proper Gila Bend local candidates on it, is something the citizens neither asked for nor needed… and (AFAIK) doesn’t exist anywhere else. It’s technological bloat at the expense of election security.
The affected machines are integral to the electoral process here, whether you believe it or not. Do better.
Their re-insurers must be sleepless tonight.
Hack and infiltration, not a buggy system.
See, I don’t think so.
Computer users had already GIVEN CrowdStrike all the access they would have needed to hack and infiltrate their system. If that was the goal, then they would have just done it quietly beause they already could have. Instead, they crashed the system, which indicates stupid. Much simpler to suspect that the incident simply started and ended with stupid, with no sneaky in the middle.
It seems that someone forgot the lesson of Microsoft NT 4 Service Pack 2. Coming soon to Crowdstrike’s offices.
“Going out of business.”
If they botched their QA testing, they are going to be so bankrupted.
They should be, but they are linked to the FBI and DNC. CrowdStrike wasn’t required to submit the evidence they “found” on the DNC server hack that linked it to Trump friendly Russians.
This was one of the earliest attempts by the FBI attacking Trump.
Do this really takes me back to why the hell I got out of the it business. I learned to hate Microsoft decades ago and this just solidifies it. If you were running a Mac or a Linux system this didn’t even touch you.
“The company’s CEO George Kurtz indicated that the entire outage was the result of a defect found in a single content update for Windows hosts.”
H1B-visa programmer perhaps?
I work in a large university hospital and this was bad. Our IT is still working on getting computers back up and running. When I left yesterday my system wasn’t up.
We had to delay surgeries and treatments.
I do want to address one thing I have heard, that people “died”. I can’t speak for everyone but no Emergency Life saving surgery/procedure was delayed. Thankfully we still do train how to do these things without all the lights and gizmos.
Though seeing the disruption this caused it does highlight how overly dependant we have become on these systems. Look what a mistake did, this wasn’t even malicious or an “attack”. Kind of scary.
Why would Microsoft have made any kind of deal with CrowdStrike?
We probably don’t want to know the answer.
CrowdStrike deserves to be driven into bankruptcy.
The principals of Crowdstrike deserved prison sentences long ago.
Microsoft used Crowdstrike for AV on servers owned by Microsoft. Ones that run O365 mail and stuff. And honestly if you were running the latest version of Windows Server, 2022, the fix was very easy. On the bluescreen is a button that says see advanced options. Click it. One of the options is command prompt. Choose that. The command prompt comes up on X drive, switch to E which is the same as C on a normal boot and run this command. del windowssystem32driversCrowdstrikeC-00000291*.* then reboot. I did that more times than I can count yesterday. And notice the directory the file you delete is named Crowdstrike and is not there on a clean install of Windows.
apparently should have enclosed the path in quotes, all the backslashes were removed.
del “windowssystem32driverscrowdstrikec-00000291*.*”