In what looks like the biggest IT outage in years, a massive cybersecurity software outage is causing chaos across the globe.
Airports, banks, stock exchanges, 911 services, transit systems, hotels, news outlets, hospitals, emergency services, and more began seeing the infamous blue screen of death (BSOD) after cybersecurity firm Crowdstrike issued a software update on Thursday.
Also: The best antivirus software and apps you can buy
Crowdstrike provides cloud workload protection and endpoint security, threat intelligence, and cyberattack response services to clients that include Amazon Web Services, Microsoft, eBay, Visa, AT&T, and 82% of US state governments.
In a LinkedIn post, CrowdStrike CEO George Kurtz said the outage was due to a single Windows update. The issue isn’t with Microsoft itself, but only affects Windows systems. Mac and Linux customers are operating normally. Kurtz also added that the issue wasn’t the result of a cyberattack or a hack, and that Crowdstrike has identified and isolated the issue, and deployed a fix.
When systems went down, people felt the impacts right away.
Airports across the world developed snarling lines as the glitch grounded flights. In the US, Delta, American, United, Spirit, Frontier, and Allegiant were all affected by the outage, and while some have started to slowly begin operations again, most have not. Even when airlines come back online, it’s possible the effects of hundreds of canceled flights will last through the weekend.
Several hospitals, including one of the largest in Boston, canceled non-urgent procedures.
In Europe, several media outlets couldn’t broadcast, airlines shut down, hospitals couldn’t access records, transit systems saw delays, and the London Stock Exchange opened late. In Africa, customers of two major banks were not able to make payments with their cards at grocery stores and gas stations or use ATMs.
Even the popular outage tracker DownDetector was down on Friday morning, but it’s not clear if that’s from the increase in traffic or the outage itself.
Also: Cybersecurity 101: Everything on how to protect your privacy and stay safe online
Mike Walters, President and co-founder of Action1, a vendor of patch management software, suggested this type of problem happens due to inadequate testing scenarios and that deploying the update in phases could have mitigated the issue’s reach.
If you’re suffering from a BSOD today and have CrowdStrike on your computer, several system admins on a Reddit thread have shared a potential fix. You’ll need to boot Windows into Safe Mode or the Windows Recovery Environment and delete a file. If you know how to get into Safe Mode quickly on your computer, skip the first nine steps, but otherwise, these are Microsoft’s official instructions:
- Hold down the power button for 10 seconds to completely turn off your device.
- Press the power button again to turn your device back on.
- On the first sign that Windows has started, usually the manufacturer’s logo, hold down the power button for 10 seconds to turn off your device.
- Press the power button again to turn on your device.
- When Windows restarts, hold down the power button for 10 seconds to turn off your device.
- Press the power button again to turn on your device.
- Allow your device to restart into Automatic Repair, and select Advanced options to enter Windows Recovery Environment.
- Once there, select Troubleshoot > Advanced options > Startup Settings > Restart.
- After your device restarts, you’ll see a list of options. Select option 5 from the list, or press F5 for Safe Mode with Networking.
- Navigate to the C:WindowsSystem32driversCrowdStrike directory.
- Delete the file “C-0000029*.sys” and restart your computer.
Your computer should now boot normally.
Source: Robotics - zdnet.com
