Global Windows IT Outage Related to CrowdStrike’s EDR

Windows PCs were hit by a global outage on July 19 that affected major companies on five continents. The machines are stuck on the famous “blue screen” that indicates a critical failure. The cause is the latest update of the Endpoint Detection and Response (EDR) software from the American company CrowdStrike.

The update contains a badly formatted .sys file that crashes the CrowdStrike driver on system startup. EDR applications (an evolution of what used to be called antivirus software) have access to system resources at a very low level, so their failure can seriously compromise the stability of machines.

Difficult automatic recovery of affected systems

CrowdStrike has already rolled back its problematic update, but this does not resolve the issue for machines that are already affected, as they cannot restart normally. The company’s CEO, George Kurtz, posted a message on social media urging customers to stay in touch through official channels.

Update: Booting into safe mode and deleting the affected file (C-00000291*.sys) in “C:\Windows\System32\drivers\CrowdStrike” solved the problem. Some administrators report that after a certain number of reboots (up to 15), most affected machines can also boot normally: when the network stays available long enough before the blue screen, the corrective update is applied and fixes the problem file.
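The manual fix described above, as an added PowerShell example that is not from the original article or from CrowdStrike. It assumes an elevated PowerShell session in safe mode; the `-WindowsRoot` and `-LogPath` parameters are hypothetical names introduced here.

```powershell
# Added example: remove the faulty file named in the article and keep a record.
# Assumption: saved as a .ps1 script and run from an elevated session in safe mode.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical parameter: Windows directory of the affected installation.
    # Point it at another drive letter when the disk is attached to a healthy host.
    [string]$WindowsRoot = 'C:\Windows',
    # Hypothetical parameter: CSV file that records what was found and removed.
    [string]$LogPath = (Join-Path $env:TEMP 'crowdstrike-cleanup.csv')
)

$driverDir = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
$pattern   = 'C-00000291*.sys'   # file name pattern given in the article

if (-not (Test-Path -LiteralPath $driverDir)) {
    Write-Warning "Directory not found: $driverDir"
    return
}

# Only files matching the pattern are touched; other files in the folder stay.
$targets = @(Get-ChildItem -LiteralPath $driverDir -Filter $pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No file matching $pattern in $driverDir; nothing to do."
    return
}

$records = foreach ($file in $targets) {
    # Hash the file before deletion so the removed version can be identified later.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $removed = $false
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Remove file')) {
        Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
        $removed = $true
    }
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        Path         = $file.FullName
        LastWriteUtc = $file.LastWriteTimeUtc.ToString('o')
        Sha256       = $hash
        Removed      = $removed
    }
}

$records | Export-Csv -LiteralPath $LogPath -NoTypeInformation -Append
$records | Format-Table -AutoSize
```

Running the script with `-WhatIf` first lists the matching files without deleting anything or writing the log.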

However, the need for manual intervention to restore the numerous damaged systems makes this incident a nightmare for IT teams around the world, who will undoubtedly spend the entire weekend on it.

Many airports are affected

Airports in Berlin, Amsterdam-Schiphol, Zurich and all Spanish airports are blocked. In the United States, the Federal Aviation Administration (FAA) explained that all flights “whatever the destination” were suspended due to “communication problems”. Ryanair, Transavia, Sydney Airport and Air France also reported disruption, with computer systems at Paris airports spared for now. ADP indicates, however, that there may be “check-in delays, delays and suspension of certain flight programs” at Roissy-Charles de Gaulle and Paris-Orly airports.

Across the Channel, the country’s main rail operator, Govia Thameslink Railway, canceled trains after “extensive computer problems” in its network. The outage also affects certain TV channels, such as Canal+ and TF1 in France, Sky News in the UK and ABC in Australia. The London Stock Exchange delayed the listing of the FTSE100, citing “a global technical issue related to a third party preventing the publication of the information”. The International Olympic Committee, Paris2024, also announced that its IT activities were “affected” by the outage.

Microsoft 365 services affected by another outage

Apparently unrelated, another outage also affected Microsoft’s cloud services. “We continue to take mitigation measures”, the Redmond-based company said in a message posted on X (formerly Twitter). It specifies on one page that “users may not be able to access various Microsoft 365 apps and services” and that it continues “to address the ongoing impact on the remaining Microsoft 365 apps that are in a degraded state.” The cause of this outage is apparently a misconfiguration of part of Microsoft’s Azure servers.
