Major Windows BSOD issue takes banks, airlines, and broadcasters offline
A faulty update from cybersecurity provider CrowdStrike is responsible for the global outage.
Thousands of Windows machines are experiencing a Blue Screen of Death (BSOD) issue at boot today, impacting banks, airlines, TV broadcasters, supermarkets, and many more businesses worldwide. A faulty update from cybersecurity provider CrowdStrike is knocking affected PCs and servers offline, forcing them into a recovery boot loop so machines can’t start properly. The issue is not being caused by Microsoft but by third-party CrowdStrike software that’s widely used by many businesses worldwide for managing the security of Windows PCs and servers.
Thousands of Windows machines are experiencing a Blue Screen of Death (BSOD) issue at boot today, impacting banks, airlines, TV broadcasters, supermarkets, and many more businesses worldwide. A faulty update from cybersecurity provider CrowdStrike is knocking affected PCs and servers offline, forcing them into a recovery boot loop so machines can’t start properly. The issue is not being caused by Microsoft but by third-party CrowdStrike software that’s widely used by many businesses worldwide for managing the security of Windows PCs and servers.
Australian banks, airlines, and TV broadcasters first raised the alarm as thousands of machines started to go offline. The issues spread fast as businesses based in Europe started their workday. UK broadcaster Sky News was unable to broadcast its morning news bulletins for hours this morning and was showing a message apologizing for “the interruption to this broadcast.” Ryanair, one of the biggest airlines in Europe, also says it’s experiencing a “third-party” IT issue, which is impacting flight departures.
Related
•CrowdStrike and Microsoft: all the latest news on the global IT outage
•Here’s how IT admins are fixing the Windows Blue Screen of Death chaos
•What is CrowdStrike, and what happened?
The Federal Aviation Administration (FAA) says it’s assisting airlines like Delta, United, and American Airlines due to communications issues. “The FAA is closely monitoring a technical issue impacting IT systems at US airlines,” says FAA spokesperson Jeannie Shiffer in a statement to The Verge. “Several airlines have requested FAA assistance with ground stops for their fleets until the issue is resolved.”
The Berlin airport is also warning of travel delays due to “technical issues.” Many 911 emergency call centers in Alaska have also been impacted by the issues. One airline in India has even turned to handwritten boarding passes due to the outages.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” says CrowdStrike CEO George Kurtz in a post on X. “Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.”
CrowdStrike says the issue has been identified and a fix has been deployed, but fixing these machines won’t be simple for IT admins. The root cause appears to be an update to the kernel-level driver that CrowdStrike uses to secure Windows machines. While CrowdStrike identified the issue and reverted the faulty update after “widespread reports of BSODs on Windows hosts,” it doesn’t appear to help machines that have already been impacted.
In a Reddit thread, hundreds of IT admins are reporting widespread issues, and the workaround steps involve booting affected Windows machines into safe mode and navigating to the CrowdStrike directory and deleting a system file. That will be troublesome on some cloud-based servers or even for Windows laptops that are deployed and used remotely.
“Our entire company is offline,” says one Reddit poster, while another says 70 percent of their laptops are down and stuck in a boot loop. “Happy Friday,” says one Reddit poster. It looks like it’s going to be a long day for IT admins worldwide.
In what appears to be a separate outage, Microsoft is also recovering from several issues with its Microsoft 365 apps and services. The root cause of those issues was down to “a configuration change in a portion of our Azure backend workloads.”