CrowdStrike update at center of Windows “Blue Screen of Death” outage

A faulty update from the cybersecurity vendor CrowdStrike crashed countless Windows computers and sent them into a “Blue Screen of Death” (BSOD), grinding to a halt the global operations of airlines, hospitals, news broadcasters, transportation agencies, and more.

The incident itself is not the result of a cyberattack. There is no evidence of a breach or of any cybercriminal involvement.

But, as Malwarebytes Labs has reported before, many major events can lead to follow-on threats of phishing and scams, and this global outage is no different. On July 19, the US Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory on this same risk:

“CISA has observed threat actors taking advantage of this incident for phishing and other malicious activity. CISA urges organizations and individuals to remain vigilant and only follow instructions from legitimate sources. CISA recommends organizations to remind their employees to avoid clicking on phishing emails or suspicious links.”

As of this writing, CrowdStrike has already issued a fix.

What happened

On July 19, businesses in Australia began reporting that their Windows computers were restarting automatically into a BSOD, making them inaccessible to users. The reports were limited only to Windows machines and, as verified later by CrowdStrike, computers running Mac OS or Linux were not affected.

As IT admins in Australia scrambled to get their organizations back online, the same BSOD issue began greeting workers across Europe. The problem, it became clear, was becoming global, with reports of similar problems in Germany, Japan, India, and, eventually, the United States.

Hundreds of businesses were immediately impacted. Flights were grounded. Package delivery provider UPS warned of delays. Hospitals in the state of Maryland began cancelling procedures. And The Washington Post reported that, while many retailers were unscathed, coffee giant Starbucks was experiencing difficulties with its mobile ordering system.

What every affected business had in common was their use of Windows computers running CrowdStrike’s cybersecurity platform.

In the past 24 hours, CrowdStrike issued a faulty software update for Windows devices that included a problematic “channel file.” Windows devices that installed this update were sent into a boot loop, crashing into the “Blue Screen of Death” on every restart, which kept users from accessing their own computers.

The fix

As of 05:27 AM UTC, CrowdStrike had identified the faulty channel file and issued a new, safe channel file for use. Deleting the faulty channel file and installing the correct one, however, could require direct, physical access to each affected computer, a particularly time-intensive task now that so many businesses have adopted hybrid and Work From Home models.

CrowdStrike has a full statement on how to fix Windows machines that are still stuck in the BSOD loop here.

Everyday users who are affected by this outage on their work machines or personal machines are not at heightened risk of a cybersecurity attack. Instead, people should simply remain vigilant about malicious emails and websites that promise fixes for the problem. For any and all maintenance, rely on CrowdStrike’s official statements and, if experiencing problems at work, rely on your IT admin.

