In its first statement after the massive Microsoft outage caused by an update to CrowdStrike ‘Falcon Sensor’, the security firm’s CEO has said the issue has been isolated and a fix has been deployed.
The bug has affected many stock exchanges, supermarkets and flight operations across the globe. Users are experiencing the Blue Screen of Death (BSOD) error, which is causing their systems to shut down or restart unexpectedly.
In a statement on X, CrowdStrike CEO George Kurtz said that the company is working with customers who have been impacted by a defect found in a single content update for Windows hosts, adding that Mac- and Linux-based systems have not been affected.
Emphasising that the outage is not a security incident or cyberattack, he wrote, “The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.”
CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We…
— George Kurtz (@George_Kurtz) July 19, 2024
“We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers,” he added.
What Microsoft Said
In a statement earlier on Friday, Microsoft said, “We remain committed in treating this event with the highest priority and urgency while we continue to address the lingering impact for the Microsoft 365 apps that are in a degraded state.”
“Our services are still seeing continuous improvements while we continue to take mitigation actions,” it added.
Workarounds
In an advisory, the Indian Computer Emergency Response Team (CERT-In) has said the following method can be used as a workaround:
– Boot Windows into Safe Mode or the Windows Recovery Environment Navigate to the C:\Windows\System32\drivers\CrowdStrike directory Locate the file matching “C-00000291*.sys”, and delete it.
– Boot the host normally.