CrowdStrike Reveals Technical Details of Update Causing Windows Systems Crash
A recent update to CrowdStrike’s Falcon endpoint security software has resulted in widespread system crashes for Windows users across the globe. The incident, which occurred on July 19, 2024, was triggered by a configuration update designed to enhance protection against malicious cyberattacks. However, a logic error in the update caused impacted systems to crash and display a blue screen of death (BSOD).
Windows users running Falcon sensor version 7.11 and above who were online between 04:09 UTC and 05:27 UTC on July 19th were vulnerable to the system crash. The issue did not affect systems running Linux or macOS.
Before the fix was implemented, the faulty update had already wreaked havoc on various sectors worldwide. Several 911 emergency service agencies in New York (EMS, police, and fire departments), Alaska, and Arizona, as well as parts of Canada, reported disruptions due to the CrowdStrike update. A 911 telecommunicator in Illinois even resorted to using paper-based methods while awaiting system recovery.
The healthcare sector wasn’t spared either, with Catalonia’s health hotline in Spain also experiencing disruptions. Authorities urged citizens to refrain from calling the emergency number (061) unless absolutely necessary.
The aviation industry also felt the impact, with Dutch broadcasting organization NOS reporting that the glitch caused disruptions at Schiphol Airport, leading to the grounding of several KLM and Transavia flights. Similarly, Melbourne Airport announced a “global technology issue” affecting check-in procedures, primarily impacting international departures on Jetstar and Scoot airlines.
The faulty update, referred to as Channel File 291, targeted the way Falcon evaluates named pipes, which are used for communication within Windows systems. The update inadvertently introduced a logic error that caused the operating system to crash. CrowdStrike has since corrected the error and updated the content in Channel File 291.
CrowdStrike has taken immediate action to address the issue by deploying a fix and providing detailed remediation instructions on its blog and support portal. The company is also conducting a thorough root cause analysis to determine how the logic flaw occurred and identify potential improvements to its update processes.
“We understand how this issue occurred and we are doing a thorough root cause analysis to determine how this logic flaw occurred. This effort will be ongoing. We are committed to identifying any foundational or workflow improvements that we can make to strengthen our process. We will update our findings in the root cause analysis as the investigation progresses,” the company commits.