On July 19, 2024, the tech world experienced a significant disruption due to an issue with a recent content update for CrowdStrike’s Falcon sensor on Windows hosts. This incident, which has been termed the “largest IT outage in history,” impacted numerous businesses worldwide, leading to system crashes, operational delays, and widespread inconvenience.
What Caused the Outage?
CrowdStrike identified a defect in a content update that affected only Windows hosts, causing crashes and blue screen errors. The problematic update was deployed early on July 19th but was quickly identified and isolated. The company emphasized that this was not a cyberattack and that Mac and Linux hosts were unaffected.
Impact of the Outage
The outage had far-reaching effects:
- Air Travel: Thousands of flights were grounded or delayed, causing chaos at airports.
- Financial Services: Banks and financial institutions experienced disruptions in their operations.
- Healthcare: Hospitals had to revert to manual processes as computers displayed blue screen errors.
- Manufacturing: Companies like Tesla had to halt production temporarily due to system failures.
- Retail: Starbucks experienced issues with mobile ordering, leading to store closures and frustrated customers.
Workaround and Resolution
CrowdStrike has provided a workaround to address the issue for affected hosts. Here’s a summary of the steps you can take to resolve the problem:
Reboot the Host:
- Ensure the host is connected to a wired network for faster internet connectivity.
- Reboot the host to download the reverted channel file.
If Crashes Persist:
- Boot Windows into Safe Mode or the Windows Recovery Environment.
- Navigate to the
%WINDIR%\System32\drivers\CrowdStrike
directory. - Locate and delete the file matching
C-00000291*.sys
.
For Virtual Environments:
- Detach the operating system disk volume from the impacted virtual server.
- Create a snapshot or backup before proceeding.
- Attach the volume to a new virtual server.
- Navigate to the CrowdStrike directory and delete the problematic file.
- Reattach the fixed volume to the impacted server.
CrowdStrike has reverted the problematic update, and systems that are online after the fix should operate normally without further issues.
Geeks.Online: Your Reliable IT Partner
We are pleased to inform you that none of our customers were affected by this issue. At Geeks.Online, we take proactive measures to ensure the stability and security of our clients’ systems. Our team of experts is always prepared to prevent and mitigate such disruptions.
If you need immediate assistance or want to contract onsite technicians to help resolve your downtime issues, contact us at 1-800.Geeks.Online (800.433.5766) or email [email protected]. We’re here to help!
For further details on managing the CrowdStrike Falcon sensor issue, please refer to the official CrowdStrike documentation and updates.