Crowdstrike Says Global IT Outage Impacting Windows PCs, But Mac and Linux Hosts Not Affected

A widespread system failure is currently affecting numerous Windows devices globally, causing critical boot failures across various industries, including banks, rail networks, airlines, retailers, broadcasters, healthcare, and many more sectors. The issue, manifesting as a Blue Screen of Death (BSOD), is preventing computers from starting up properly and forcing them into continuous recovery cycles.

The cause of the failure has been identified as an update to Crowdstrike Falcon antivirus software installed on Windows 10 PCs, but Mac and Linux machines running the same cybersecurity software have been spared. Crowdstrike, which specializes in endpoint security protection for corporate networks, has just released the following statement:

"Crowdstrike is actively working with customers impacted by a defect found in a single content update for Windows hosts.

"Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.

"The issue has been identified, isolated and a fix has been deployed.

"We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.

"We further recommend organisations ensure they're communicating with Crowdstrike representatives through official channels.

"Our team is fully mobilized to ensure the security and stability of Crowdstrike customers."

Unfortunately, the nature of the problem means that fixing it isn't as simple as installing a patch. The workaround to break the infinite boot cycle on affected Windows machines involves manually booting into safe mode, navigating to the CrowdStrike directory, and deleting the system file that caused the problem. As such, it could be a while before all services impacted by the content update are back up and running.

For those who have a Windows machine that has succumbed to the botched update (now rolled back), Crowdstrike has outlined the following steps system admins need to take to get back up and running:

1.     Boot Windows into Safe Mode or the Windows Recovery Environment.
2.     Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
3.     Locate the file matching 'C-00000291*.sys', and delete it.
4.     Boot the host normally.

As expected, Apple's system status webpage shows no issues with its services, however there have been scattered reports of problems with contactless payments across some businesses, which could prevent Apple Pay transactions from being processed.

Source