Global Outage: CrowdStrike Update Crashes Windows Machines – Key Information and Solutions
In mid-July 2024, a critical software update from cybersecurity firm CrowdStrike led to a notorious Blue Screen of Death (BSOD) issue that crippled thousands of Microsoft Windows machines across the globe. The far-reaching impact of the CrowdStrike fiasco, which made headlines in major news outlets like the New York Times, had a knock-on effect of bringing critical systems to a grinding halt in multiple industry sectors. The incident exposed the risks of pushing software updates without thorough quality assurance – and that’s exactly what happened with the faulty software update pushed by CrowdStrike on July 19, 2024.
Microsoft reckons that a staggering 8.5 million Windows devices were impacted, and the damage to the global economy is thought to be in the tens of billions of dollars – no less than $10 billion.
The outage had far-reaching consequences, causing disruption to daily life, businesses and governments worldwide – among them airlines, banks and healthcare. Airline company servers and PCs, bank services and even TV broadcasting stations went dark, unable to restart. The full story of the CrowdStrike software outage and its global repercussions can be read here.
CrowdStrike’s faulty code update: What do we know so far?
The incident began on July 18, with reports flooding in from Australian banks and airlines that their systems had crashed overnight, leaving hundreds of businesses in the country in the dark. It didn’t take long for similar disruptions to be reported in other regions.
Before long, European and American companies were also reporting the same problem:
- TV broadcaster Sky News in the UK issued an apology for not being able to go live with the morning bulletin.
- News outlet ABS News also reported a major network outage.
- Low-cost airline Ryanair admitted experiencing IT issues affecting flight departures.
- American airlines Delta, United and American Airlines had to cancel all their flights.
- Indian airports and the Berlin airport had to delay flights due to the issue.
In total, over 5,000 flights worldwide were grounded, with major flight delays reported at top airports.
The airline’s chief executive Ed Bastian publicly apologised for the disruption and said the company was reviewing its technology partnerships.
But that was only just the tip of the iceberg. A massive thread on Reddit discussed the critical problems Windows users were experiencing and potential solutions to the BSOD issue.
You’ll see this thread on Reddit, from the discussion on CrowdStrike from a user named u/TipOFMYTONGUEDAMN
Delta Air Lines had to file a lawsuit against CrowdStrike on October 25, 2024 to seek damages for the disruption. CrowdStrike published a detailed blog post covering their response to the outage and the ongoing investigation.
Now, let’s get to the bottom of what this BSOD issue really is, and if it can be fixed right away.
BSOD on Windows explained
Here’s a quick rundown of what’s going on with the BSOD issue and why Windows is crashing.
Not long after the first reports of the issue came in, CrowdStrike came clean, revealing that a faulty channel file was at the root of the problem – and a very basic workaround was their response. Unbelievably, they didn’t even test it properly.
Here’s the statement from CrowdStrike’s chief threat hunter on X:
- Boot Windows into Safe Mode or WRE (that’s Recovery Environment for you non-techies).
- Open up the C:\Windows\System32\drivers\CrowdStrike directory (be careful not to mess this up, this is Windows we’re talking about here).
- Find and delete the offending file – that’s C-00000291*.sys.
- Boot up normally.
Solved, apparently.
But Why Did This All Happen?
What is the CrowdStrike Windows issue?
According to security experts, the main problem was a faulty update from CrowdStrike’s Falcon Sensor, which went wrong because a faulty channel file made it past CrowdStrike’s quality checks. This was a result of a more relaxed testing regime that’s usually used to push software updates to customers.
At the core of this problem is the CrowdStrike Falcon agent. Normally this thing is designed to block malicious attacks – but here it is essentially causing chaos. No less than half of the Fortune 500 companies use CrowdStrike, and that’s what makes this outage so massive, according to experts like Troy Hunt, a well-known cybersecurity guru who already called it the largest IT outage in history.
The scale of the outage was something that had never been seen before. In part, that was because Falcon integrates so tightly with the Microsoft Windows kernel – which in turn is why we saw such a huge impact. Falcon runs deep within Windows to pick up on threats, and when it went down, Windows itself went down too, forcing BSODs and bootloops on millions of devices. And that was just the start – many organisations found themselves suddenly and catastrophically deprived of their primary endpoint detection and response capabilities because the very software meant to protect them had itself become the problem. That update – part of CrowdStrike’s Rapid Response Content program which usually gets less rigorous testing than standard updates – was the root of all the trouble.
I reckon it’s not too early to call it: this will have been the biggest IT outage of all time
— Troy Hunt (@troyhunt) July 19, 2024
Getting out of this mess turned out to be hard work because so many systems ended up in a boot loop and required an admin to intervene manually to get to the affected machines. The recovery process was especially tough on the poor IT folks, who had to manually reboot or apply a recovery procedure just to get systems back on line. It really was a job that could’ve been made easier with some automation in the system recovery and threat detection areas, which would have enhanced operational resilience and got computers back up and running faster. Something else organisations might do to be better prepared for the future would be to develop some manual workarounds and have redundant systems in place to cut downtime in the event of a tech failure. Even Microsoft have been working on their own resiliency plans to stop this sort of thing from happening again in future.
IT was caught out by the outage, with airlines, healthcare and finance all severely affected – and, of course, billions were lost globally (apart from Microsoft). While this wasn’t a typical cyberattack, malicious actors were quick to see an opportunity and started phishing the affected organisations. It’s just a reminder that we have to keep one eye on new threats and the evolving challenges of cybersecurity. Even CrowdStrike have got their hands on counter-adversary operations and are working to improve response procedures to stop future threats.
CrowdStrike gave a pretty detailed explanation of what went wrong in the outage, and followed this up with a preliminary Post Incident Review on July 24, 2024, explaining the flaws that led to the trouble.
But even while CrowdStrike were trying to untangle the mess, internet users were still trying to come up with their own theories for what had gone wrong:
The cause of the Microsoft / Crowdstrike outage
courtesy of @xkcdComic https://t.co/Ngq5ZJ89Ln pic.twitter.com/NSdAT7wwt5
— Tim Graham 🌻 (@timothyjgraham) July 19, 2024
Right now there are thousands of customers all over the world just trying to figure out a way to get their Windows devices up and running again. So where next?
Affected Systems
The CrowdStrike outage sent shockwaves around the world, disrupting critical services in many industries – and causing a global outage that affected essential services across the board. The dodgy software update – Channel File 291 if you want the details – caused a blue screen on millions of Windows systems, and resulted in widespread Windows operating system crashes. Microsoft reckoned around 8.5 million Windows devices were affected, which while under 1% of the Windows user base, included many systems running critical day-to-day operations. What this meant was that the impact was massive – with significant knock-on effects in air travel, financial services, healthcare and government services.
It all came as a bit of a shock because the outage happened in the small hours, catching many organisations with their pants down and leading to immediate service disruption. Windows servers were hit hard – and as these are the backbone of the IT systems of big businesses, the impact was severe – from airline check-in systems to hospital appointment scheduling and bank transactions, everything was knocked out. Medical visits were delayed or cancelled, and financial institutions saw their operations severely disrupted – and the impact rippled right through the global economy. Big airlines like American Airlines were severely affected, highlighting just how dependent all these critical services are on reliable cybersecurity systems like CrowdStrike Falcon.
A preliminary post-incident review made one thing clear: a logic error in the Content Interpreter – a key bit of the CrowdStrike Falcon platform – had let in problematic content data that ended up causing that nasty blue screen and Windows operating system crash. CrowdStrike said that the outage wasn’t down to any malicious actors or threat actors – but was rather down to a dodgy update that had slipped through the testing process. And the content in Channel File 291 was just not properly validated, highlighting the value of proper testing and good cybersecurity risk management.
CrowdStrike support teams were quick to respond, working closely with customers to give them the lowdown and guide them through recovery. They gave instructions on how to boot up affected systems in safe mode and manually remove the dodgy channel file – though for many, manual intervention was the only option. Software developers at CrowdStrike and experts in the wider community have been working together to identify the cause and find a fix – showing the value of collaboration in fixing big cybersecurity problems.
And thousands of users worldwide are still trying to figure out a way to sort out that CrowdStrike bug and get their Windows devices working again. Any chance of a solution on the horizon?
The incident prompted a root cause analysis – and CrowdStrike released the whole report to the public. In that document, CrowdStrike’s CEO George Kurtz owns up to the service disruption and explains the steps they are taking to prevent anything like that happening again. These include introducing new and better testing and validation procedures, improving their cybersecurity risk management and coming up with new ways to detect and block stuff that might cause problems before it hits customer systems. CrowdStrike is also warning customers to keep a weather eye out for phishing emails and to be on their guard against other malicious activity that could try to exploit the current situation.
The CrowdStrike failure is already being used in the security world as a prime example of the importance of rigorous testing and proactive risk management when it comes to security products. The fact that it caused such a massive impact on key services – things like hospital visits, air travel and financial transactions – has really hammered home the need for continuous improvement and close co-operation between suppliers, customers and independent researchers. As the damage from the outage gets repaired, the lessons learned from it are going to help stop similar incidents happening in the future and make the world’s critical infrastructure even more resilient.
How to fix the CrowdStrike Sensor update issue
Ever since businesses around the world started hitting that BSOD error on their Windows machines, CrowdStrike has been doing all it can to find a solution. After the workaround was shared, IT administrators struggled to get affected devices and machines back up and running again – especially as many entered a state where they just kept looping back and needed manual intervention to sort out.
According to the company’s chief security expert – who, incidentally, posted a guide to the process (I’ll come back to that in a minute) – the first possible way to solve the CrowdStrike update problem was to follow these steps:
- Boot your Windows into Safe Mode or the Windows Recovery Environment.
- Head to C:\Windows\System32\drivers\CrowdStrike
- Look for the file matching C-00000291*.sys and delete it.
- Boot the host in normal mode.
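The manual steps above (also listed earlier under "BSOD on Windows explained") written as a PowerShell script for a host already booted into Safe Mode. This is an added example, not CrowdStrike's or this page's own tooling; the `-DriverDir` and `-Pattern` parameter names are assumptions, while their default values are the path and file pattern from the steps.

```powershell
#Requires -RunAsAdministrator
# Added example: removes only the channel file named in the workaround and
# reports what it found. Parameter names are hypothetical.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Directory from the published steps. Override it if the Windows volume
    # is mounted under a different drive letter.
    [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
    # File pattern from the published steps; other channel files are untouched.
    [string]$Pattern = 'C-00000291*.sys'
)

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Warning "Directory not found: $DriverDir (sensor not installed, or wrong drive letter)."
    return
}

# -Force includes hidden/system files; -File skips any sub-directories.
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No files matching $Pattern in $DriverDir; nothing to do."
    return
}

foreach ($file in $targets) {
    # One record per matching file, so the run leaves an audit trail.
    $record = [pscustomobject]@{
        Name             = $file.Name
        Length           = $file.Length
        LastWriteTimeUtc = $file.LastWriteTimeUtc
        Removed          = $false
    }
    # ShouldProcess honours -WhatIf and -Confirm, so a dry run deletes nothing.
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Remove channel file')) {
        try {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $record.Removed = $true
        } catch {
            Write-Warning "Could not remove $($file.FullName): $($_.Exception.Message)"
        }
    }
    $record
}
```

Run it with `-WhatIf` first to list the matching files and their timestamps without deleting anything, then reboot normally once the file is removed.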
But recovery from the outage was pretty tough because systems often went into a loop and needed manual intervention to access and sort out. And the whole thing also highlighted the risks of pushing out updates without really testing them properly, as untested updates can cause all sorts of system failures and make recovery even harder.
However, CrowdStrike later confirmed that this fix won’t work for all users experiencing that BSOD issue. While they’ve already taken the CrowdStrike error codes out of the equation, some people who experienced the problem may still be unable to troubleshoot it and will have to wait for more updates.
Bottom line
So far, there have been no confirmed reports of data loss or security breaches related to the CrowdStrike outage. While the incident has affected loads of businesses and industries around the world, it’s also triggered a fair amount of litigation – including a lawsuit from Delta Air Lines for over $500 million in lost revenue and flight cancellations. CrowdStrike shareholders have also filed a class-action lawsuit against the company – alleging it failed to reveal its dodgy software validation process which led to the outage and a 32% drop in the company’s market value. On top of that, a Federal class-action lawsuit against Delta by passengers was allowed to proceed, claiming Delta withheld refunds and failed to provide suitable compensation for the disruption. CrowdStrike have filed a countersuit against Delta, arguing that damages should be limited by contract and that Georgia law doesn’t allow for this kind of thing if a contract is in place. The Australian government even held a national emergency meeting to address the outage, activating the National Coordination Mechanism while the UK government’s COBR committee also met to discuss the incident. Several US government entities – including the Department of Homeland Security, NASA, and the Federal Trade Commission – were also affected by the CrowdStrike outage. CrowdStrike reported a nearly $60 million drag on revenue through the first half of 2025 due to customer commitment packages offered to affected users. And, not surprisingly, it just goes to show that even the most up-to-date and advanced systems and technologies can still be vulnerable to unexpected crashes, failures and cyber-attacks. So it’s essential to stick to the basics and follow best practice to keep all our devices and personal info safe and secure.
And with that in mind, here’s your essential cybersecurity cheat sheet to help keep your Windows devices safe and sound, no matter what.
Cybersecurity cheat sheet for Windows users
Make sure you update your devices regularly: This means keeping your system up to date to address any weaknesses and grab the latest security patches.
Use strong and unique passwords: Come up with a good password for each of your accounts and change them regularly.
Avoid installing questionable software: Stay away from any dodgy apps and services – they may be carrying a virus.
Use a VPN: Get a good VPN for PC like VeePN – it encrypts your data and hides your IP address, which can stop all sorts of cyber threats, including public Wi-Fi risks.
Use a good antivirus solution: Get a decent anti-malware tool like VeePN Antivirus to do regular system scans and wipe out any harmful files on your device.
Stay informed: Activate the Breach Alert feature in your VeePN web account so you get notified when your personal info – things like passwords and credit card details – has been spotted in a security breach.
FAQ: CrowdStrike outage issue
CrowdStrike is a famous cybersecurity software company that uses advanced technologies like artificial intelligence (AI) and machine learning (ML) to detect and stop threats in real time. CrowdStrike is designed to protect endpoints, cloud workloads, identity, and data.
On Thursday, July 18th, 2024, an issue with the CrowdStrike Sensor update resulted in a major outage that hit thousands of Windows machines around the world. The incident has affected many businesses, including airlines, banks, broadcasters, supermarkets, and more. Find out more in this article.
The CrowdStrike error happened due to a faulty channel file introduced to the Falcon Sensor. As a result, Windows devices with the CrowdStrike software installed encountered the Blue Screen of Death (BSOD) — a system failure that stops all operations and displays an error message on a blue screen. Read this article to learn more about the incident.