Who is responsible for Friday’s outage? Warning, it’s not Microsoft!


The global outage of Windows systems, caused by an update to CrowdStrike’s Falcon Sensor antivirus, has disrupted the operations of numerous companies, including airlines and television stations.

On Friday morning, Microsoft’s systems went down globally. The effects were felt by individual Windows users and many businesses around the world. Airlines were forced to cancel flights, Sky News had problems broadcasting, and Australian telecommunications operator Telstra experienced disruptions to its services.

Cause of problems

After a closer look, it turned out that the problems were not caused directly by Microsoft software. The culprit turned out to be an update to CrowdStrike’s Falcon Sensor antivirus. It was this update that was responsible for the so-called “death loops” – a situation in which computers would restart endlessly.

Piotr Konieczny from the Niebezpiecznik.pl portal explained on TVN24:

“The problem is not caused by Microsoft software, but by CrowdStrike. This is a new generation of antivirus. We can see this novelty all over the world.”

How did the failure happen?

The Falcon Sensor antivirus update had code that didn’t work properly. As a result, computers equipped with the program would constantly reboot when starting up.

The problem affected only users of one specific antivirus product from CrowdStrike, not all Windows users. However, the popularity of Falcon Sensor meant that the outage had a global reach. Companies using other security programs did not experience similar difficulties.

Fixing the problem

Repairing a computer with Falcon Sensor by CrowdStrike is theoretically not complicated – just delete system files that do not match the pattern: C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys.

As the expert explained, the problem is that only system administrators can perform this task. Most employees who use company computers do not have such permissions, which means that they need to contact administrators. Due to the nature of the problem, it cannot be solved remotely, because the computers do not have an Internet connection.

As a result, employees must hand-deliver computers to company administrators, a process that will likely take all weekend, creating additional problems. The expert predicts that it could take until the end of next week to return to normal, although some companies may be up and running within hours if their systems were taken offline as a precaution.

CrowdStrike Statement

CrowdStrike CEO George Kurtz confirmed all of this information, emphasizing that the issue did not affect Mac or Linux systems. He also emphasized that it was not a hack, and that the problem had been identified, isolated, and corrective actions taken.

“CrowdStrike is actively working with customers who are affected by a flaw discovered in a single content update for Windows hosts. Mac and Linux hosts are not affected. This is not a security incident or cyberattack,” Kurtz said.

“The issue has been identified, isolated, and a fix has been deployed. We are referring customers to the support portal for the latest updates and will continue to provide full and continuous updates on our website,” the CrowdStrike CEO assured.

“We further advise organizations to ensure that they communicate with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers,” he added.
