The unprecedented IT outages Friday that knocked out thousands of banks, airlines, hospitals and other essential services around the world could be traced back to a single faulty antivirus update.
The global Microsoft outages, linked to cybersecurity firm CrowdStrike, spotlight the fragility of the internet infrastructure that many of us take for granted, experts say.
Even though the issue has been “identified, isolated and a fix has been deployed,” according to CrowdStrike CEO George Kurtz Friday morning, vital systems and services are still reeling from operating systems delivering the “blue screen of death.”
The global outage appeared to be caused by an incident at cybersecurity firm CrowdStrike, which then affected Microsoft services.
What is CrowdStrike?
CrowdStrike is a major U.S. cybersecurity firm whose products are used by thousands of companies in all sectors from health care to telecommunications. As an “end point security” firm, it uses cloud technology to protect devices connected to the internet from attacks.
Its flagship product, Falcon, believed to have caused the crash, is used by more than 6,000 companies around the world, according to market analysis firm Enlyft — including nearly 300 Fortune 500 companies, Falcon’s product page boasts.
At the time of writing, CrowdStrike stock has dropped nearly 15 per cent from its previous close, wiping away about $12.5 billion in value.
How did the CrowdStrike Microsoft outages happen?
According to a statement by Microsoft, the issue affected systems running CrowdStrike’s Falcon Sensor, beginning around 3 p.m. ET Thursday.
“We can confirm the affected update has been pulled by CrowdStrike,” the company said. “Customers that are continuing to experience issues should reach out to CrowdStrike for additional assistance.”
Kurtz clarified only hosts running Microsoft operating systems appeared to be affected; “This is not a security incident or cyberattack,” he posted on X, pinning the blame on a “defect found in a single content update for Windows hosts.”
Falcon monitors and blocks nefarious activity such as malware — but requires intimate access to systems in order to do so. That may have allowed the defective update to “brick” affected computers, rendering them as useful as, well, bricks.
“This is a very, very uncomfortable illustration of the fragility of the world’s core internet infrastructure,” Ciaran Martin, professor at Oxford University’s Blavatnik School of Government and former head of the U.K. National Cyber Security Centre, said in a statement shared with the Star.
Kurtz is directing affected customers to the company’s support portal “for the latest updates and will continue to provide complete and continuous updates on our website,” he said. “We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels.”
A global technology outage grounded flights, disrupted hospitals and backed up border crossings in Canada. Porter Airlines said it was cancelling its morning flights due to the outage. Andrew Breeding, who was scheduled to fly Porter home to Los Angeles after a business trip to Toronto, said his flight out of the city's Billy Bishop Airport was one of those affected. (July 19, 2024 / The Canadian Press)
What was affected by CrowdStrike outages?
Few industries appear untouched by the outages that brought down banking services, stalled hospital services and cancelled thousands of flights around the world.
According to DownDetector, a service that tracks user-reported online disruptions, widespread outages are being reported at Canadian banks and banking services, including RBC, CIBC, Scotiabank, BMO and National Bank of Canada, as well as Visa and Interac. Service at TD Bank appears to be back online for many, after a spike in disruptions earlier in the morning.
Despite the DownDetector reports, CIBC says its banking systems were not affected by the CrowdStrike outage. A spokesperson said it’s possible people confused outages at banking services adjacent to CIBC with issues at the company itself.
Telecommunication companies Bell Canada, Rogers and Telus tell the Star they’re not experiencing any issues related to the CrowdStrike outages.
Several Toronto hospitals, including those in the University Health Network, say their systems have been affected and that some patients may experience delays.
Meanwhile, Pearson International Airport was warning travellers that flights could be delayed or cancelled, but specified that the operations at Air Canada, WestJet, Sunwing and Flair hadn’t been affected.
Porter Airlines said it was cancelling flights departing Friday morning until at least noon due to the outage.
How to fix CrowdStrike outage issue
In a post to the company’s Reddit page, CrowdStrike engineers advised the following fix for individual systems:
- Boot Windows into Safe Mode or the Windows Recovery Environment
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
- Locate the file matching “C-00000291*.sys”, and delete it.
- Boot the host normally.
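The steps above, scripted for an administrator who has to repeat them on many hosts. This is an added example written for this article, not CrowdStrike’s own tooling or the text of its Reddit post. It assumes the affected Windows volume is mounted at the letter passed in $SystemDrive (C: by default); inside the Windows Recovery Environment that letter is often different, so confirm it first. It removes only files matching the name given in the advisory, records what it removed, and supports a dry run with -WhatIf.

```powershell
# Added example: apply the manual fix described above to one host.
# Run from an elevated prompt in Safe Mode or the Windows Recovery Environment.
# Assumption: the affected Windows volume is mounted at $SystemDrive.
# In WinRE that letter is frequently not C:, so check with Get-Volume or diskpart first.
param(
    [string]$SystemDrive = 'C:',
    [switch]$WhatIf
)

$dir = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
if (-not (Test-Path -Path $dir)) {
    Write-Error "CrowdStrike driver directory not found at $dir. Check the drive letter."
    exit 1
}

# Match only the channel file named in the advisory, never the whole directory.
$files = @(Get-ChildItem -Path $dir -Filter 'C-00000291*.sys' -File)
if ($files.Count -eq 0) {
    Write-Output "No C-00000291*.sys file present in $dir; nothing to do."
    exit 0
}

foreach ($f in $files) {
    # Keep a record (name, size, write time) for the incident log before deleting.
    Write-Output ("Removing {0} ({1} bytes, written {2} UTC)" -f $f.FullName, $f.Length, $f.LastWriteTimeUtc)
    Remove-Item -Path $f.FullName -Force -WhatIf:$WhatIf
}

Write-Output "Done. Reboot the host normally."
```

Run it once with -WhatIf to see which files would be removed before committing, and capture the output: the recorded file names and timestamps are the evidence that the defective update, and nothing else, was removed from each host.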
While a relatively easy fix for individuals, it may be harder to disseminate across larger companies as it requires the manual removal of a specific file from each affected system.
“Manual fixes are going to take time for system admins to apply: CrowdStrike can’t push a new update remotely to fix,” Adam Harrison, managing director at FTI Cybersecurity, told Forbes. “It’s going to need manual intervention on each system.”
“The fix itself is quick to perform, but when you scale that up to thousands of servers and/or thousands of workstations, it’s going to be a bad day in the office for lots of folks.”
Clarification — July 20, 2024
This story has been updated to clarify that services at telecommunication companies Bell, Rogers and Telus were not affected by the CrowdStrike outage.