CrowdStrike and Microsoft have released troubleshooting solutions after a global tech outage disrupted business across several industries and grounded thousands of flights Friday morning.
As far as freight is concerned, it appears the outage has caused issues mainly for airlines, as rail and maritime are not reporting notable outages. Outages affecting trucking freight have not been reported.
U.S. cybersecurity company CrowdStrike says a software update rolled out to customers on Windows devices was defective and caused the glitch. The company states on its website that this event is not a security incident or cyberattack, but rather is related to its Falcon Sensor software.
“The issue has been identified, isolated and a fix has been deployed,” CrowdStrike states in a post on the website. “We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”
The post details symptoms of bugcheck or blue screen errors related to the Falcon Sensor. CrowdStrike says Windows devices that have not been impacted do not require any action since the problematic update file has been reverted. Windows devices brought online after 1:27 a.m. EDT will also not be impacted.
Devices running Windows 7/2008 R2 are not impacted, and the issue is not impacting Mac or Linux-based devices.
The post also offers troubleshooting tips for addressing the glitch. Additionally, Microsoft posted on X/Twitter that the company is aware of the incident on Windows devices. The post includes troubleshooting tips as well as a link referring to CrowdStrike’s statements on the matter.
Troubleshooting
The CrowdStrike post states its engineering team has identified an update related to the issue and has reverted those changes. For devices that are still crashing and are unable to stay online to receive the update, the following steps can be used to work around the issue:
Workaround steps for individual hosts:
- Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then:
- Boot Windows into Safe Mode or the Windows Recovery Environment. (Putting the host on a wired network, as opposed to Wi-Fi, and using Safe Mode with Networking can help remediation.)
- Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.
- Locate the file matching “C-00000291*.sys” and delete it.
- Boot the host normally.
BitLocker-encrypted hosts may require a recovery key.
Workaround steps for public cloud or similar environments, including virtual:
Option 1:
- Detach the operating system disk volume from the impacted virtual server.
- Create a snapshot or backup of the disk volume before proceeding further as a precaution against unintended changes.
- Attach/mount the volume to a new virtual server.
- Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.
- Locate the file matching “C-00000291*.sys” and delete it.
- Detach the volume from the new virtual server.
- Reattach the fixed volume to the impacted virtual server.
Option 2:
- Roll back to a snapshot before 12:09 a.m. EDT.
If all else fails, Microsoft offers the option to restore Windows 365 Cloud PCs to a known good state prior to the release of this update.
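The file-deletion step shared by the individual-host workaround and cloud Option 1 can be scripted as below. This is an added example, not code from CrowdStrike, Microsoft or the original article. The function name Remove-FalconChannelFile291, its -WindowsRoot parameter and the E:\Windows drive letter are hypothetical, and it assumes PowerShell is available (Safe Mode or a helper server, not the bare Windows Recovery Environment prompt).

```powershell
# Added example. Function and parameter names are hypothetical, not a vendor tool.
function Remove-FalconChannelFile291 {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Windows directory to repair. Defaults to the running OS (Safe Mode case);
        # pass e.g. 'E:\Windows' for a volume attached to a helper server.
        [string]$WindowsRoot = $env:WINDIR
    )

    $dir = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Directory not found: $dir (wrong drive letter, or volume still BitLocker-locked?)"
        return
    }

    # Match only the pattern named in the workaround; other files are left alone.
    $targets = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File -Force)
    if ($targets.Count -eq 0) {
        Write-Verbose "No file matching C-00000291*.sys in $dir"
        return
    }

    foreach ($file in $targets) {
        # ShouldProcess makes -WhatIf and -Confirm work, so the match can be reviewed first.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete channel file')) {
            Remove-Item -LiteralPath $file.FullName -Force
            # Emit a record of what was removed for the remediation log.
            [pscustomobject]@{
                Path          = $file.FullName
                Length        = $file.Length
                LastWriteTime = $file.LastWriteTime
                Removed       = -not (Test-Path -LiteralPath $file.FullName)
            }
        }
    }
}

# Preview on the running host, then delete on an attached volume (drive letter is an assumption):
#   Remove-FalconChannelFile291 -WhatIf
#   Remove-FalconChannelFile291 -WindowsRoot 'E:\Windows' -Confirm:$false
```

Run it from an elevated session; in the cloud case, take the snapshot described in Option 1 before deleting anything.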