Recalling the CrowdStrike Failure at Microsoft: Causes, Impact, and Solution

Last update: 08/05/2025
Author: Isaac
  • The error was caused by a faulty update to CrowdStrike's Falcon software.
  • More than 8 million Windows devices were affected globally.
  • Airlines, banks and utilities suffered severe disruptions
  • CrowdStrike has already published a solution that requires manual actions.


On July 19, 2024, millions of users and organizations around the world were hit by one of the most significant computer outages in recent years. A technical glitch introduced by a faulty update to CrowdStrike's Falcon security software caused numerous Windows systems to display the notorious blue screen of death (BSOD). This situation not only rendered private computers unusable, but also paralyzed the operations of businesses, public services, airlines, banks, and hospitals.

The bug critically affected Windows devices, although it was quickly confirmed that systems based on Mac or Linux were not compromised. Despite the magnitude of the incident, both Microsoft and CrowdStrike assured that it was not a cyber attack, but rather a human error during the development of an update. In this article, we'll explain in detail what happened, how it affected different sectors, what measures have been taken, and how you can fix it if your equipment is still experiencing issues.

What caused the CrowdStrike failure at Microsoft?

The problem has its roots in a routine update of the Falcon antivirus sensor developed by CrowdStrike. This sensor is present on numerous computers running Windows and is part of a cybersecurity suite used globally. The update was distributed on July 19 at 04:09 UTC and, after automatic installation, generated a logic error that triggered serious failures in Microsoft's operating system.

This bug caused instant crashes and forced reboots of systems, resulting in a blue screen. Technically, this happened due to a device driver problem that caused excessive consumption of system resources, a situation commonly known as an “infinite loop”, which results in a process crash and prevents Windows from loading properly.


Global reach: affected sectors and companies

The scope of the incident was massive. According to Microsoft, at least 8.5 million Windows devices were affected, which represents less than 1% of all machines running this operating system, but still a significant number. The consequences were particularly noticeable in:

  • Air Transport: Airlines such as Lufthansa, Delta Air Lines, Air France-KLM, Wizz Air, American Airlines, and United Airlines reported delays and cancellations. In Spain, Aena acknowledged incidents, although it assured that all airports were operational.
  • Health: Scheduled operations were suspended and some hospital services were interrupted.
  • Finance: Banking platforms, electronic payments, and systems like Bizum experienced temporary outages.
  • Corporate environments: Organizations such as Repsol, IBEX 35 companies, and public entities such as EMT Madrid saw their normal operations affected.

Madrid's mayor, José Luis Martínez-Almeida, described the day as "difficult," indicating that rail services and Adolfo Suárez Madrid-Barajas Airport were experiencing complications resulting from the incident.

Which devices were vulnerable?

According to data from the company Sofistic, the affected devices were those that were on before 05:27 UTC on July 19. This implies that:

  • Computers turned on before that time may be affected.
  • Computers that started later do not present the error.
  • Windows 7 and Windows Server 2008 R2 were not harmed.
  • Mac and Linux were not impacted by this update.

How to identify if your device is affected?

For users who have CrowdStrike's Investigate module enabled, it is possible to perform advanced queries on your systems to detect devices with compromised sensor versions. Scripts are available to analyze parameters such as the file name, the local IP of the computer, and the dates of last access to the system. These tools allow you to track exactly which equipment needs to be checked or repaired.
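The exposure rules listed under "Which devices were vulnerable?" can also be applied to an ordinary asset inventory when the Investigate module is not available. The following is an added example, not a CrowdStrike Investigate query or any vendor's script: the CSV columns, host names, status labels and the `Get-ExposureStatus` and `ConvertTo-Utc` function names are assumptions made for illustration, and the sample rows are constructed.

```powershell
# Constructed sample inventory. Column names are assumptions for this example.
$inventoryCsv = @'
Hostname,OS,LastBootUtc,LastSeenUtc
WS-001,Windows 10 Enterprise,2024-07-18T07:00:00Z,2024-07-19T04:20:00Z
WS-002,Windows 11 Pro,2024-07-19T06:10:00Z,2024-07-19T09:00:00Z
SRV-003,Windows Server 2008 R2,2024-07-01T02:00:00Z,2024-07-19T08:30:00Z
MAC-004,macOS 14,2024-07-15T09:00:00Z,2024-07-19T08:45:00Z
WS-005,Windows 10 Enterprise,2024-07-10T08:00:00Z,2024-07-18T22:00:00Z
'@

# Times taken from the article: update distributed 04:09 UTC, cutoff 05:27 UTC.
$PushUtc   = [datetime]::new(2024, 7, 19, 4, 9, 0, [System.DateTimeKind]::Utc)
$CutoffUtc = [datetime]::new(2024, 7, 19, 5, 27, 0, [System.DateTimeKind]::Utc)

function ConvertTo-Utc([string]$Text) {
    # Parse an ISO 8601 timestamp and normalise it to UTC.
    [datetimeoffset]::Parse($Text, [cultureinfo]::InvariantCulture).UtcDateTime
}

function Get-ExposureStatus {
    param([Parameter(Mandatory)] $Device)
    # Mac and Linux were not impacted by the update.
    if ($Device.OS -notlike 'Windows*') { return 'NotAffected: non-Windows' }
    # Windows 7 and Windows Server 2008 R2 were not harmed.
    if ($Device.OS -match '^Windows (7|Server 2008 R2)\b') {
        return 'NotAffected: excluded Windows version'
    }
    $boot = ConvertTo-Utc $Device.LastBootUtc
    $seen = ConvertTo-Utc $Device.LastSeenUtc
    # Booted before the cutoff and seen at or after the push. A host that slept
    # through the window without rebooting is still flagged (conservative).
    if ($boot -lt $CutoffUtc -and $seen -ge $PushUtc) { return 'CheckAndRepair' }
    return 'NotExposed'
}

$inventoryCsv | ConvertFrom-Csv |
    Select-Object Hostname, OS,
        @{ Name = 'Status'; Expression = { Get-ExposureStatus -Device $_ } } |
    Sort-Object Status, Hostname |
    Format-Table -AutoSize
```

With the constructed rows, only WS-001 is marked `CheckAndRepair`; WS-002 booted after the cutoff and WS-005 was last seen before the update went out.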

Troubleshooting steps on affected devices

The solution can be simple if the right steps are followed. CrowdStrike has provided a quick guide to correct the error. Here's how to do it:

  1. Restart your computer in Safe Mode or access the Windows Recovery Environment (WRE).
  2. Navigate to the directory C:\Windows\System32\drivers\CrowdStrike.
  3. Delete the file matching C-00000291*.sys, which contains the faulty driver.
  4. Restart your computer normally to verify that the system loads without errors.
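
Steps 2 and 3 as a script for a Safe Mode session, shown as an added example and not a tool from CrowdStrike or Microsoft. The function name `Remove-FaultyFalconFile` and its parameters are hypothetical; the directory and file pattern are the ones given in the steps above.

```powershell
function Remove-FaultyFalconFile {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Directory from step 2. In a recovery environment the Windows volume
        # may be mounted under another drive letter, so it can be overridden.
        [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
        # File pattern from step 3.
        [string]$Pattern = 'C-00000291*.sys'
    )

    if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
        Write-Warning "Directory not found: $DriverDir"
        return
    }

    $targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File)
    if ($targets.Count -eq 0) {
        Write-Output "No file matching $Pattern in $DriverDir; nothing to do."
        return
    }

    foreach ($file in $targets) {
        # Record what is about to be removed, for the incident ticket.
        $record = [pscustomobject]@{
            Name         = $file.Name
            Bytes        = $file.Length
            LastWriteUtc = $file.LastWriteTimeUtc.ToString('u')
            Removed      = $false
        }
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $record.Removed = $true
        }
        $record
    }

    # Confirm nothing matching the pattern is left before the reboot in step 4.
    $left = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File)
    if ($left.Count -gt 0) { Write-Warning "$($left.Count) matching file(s) still present." }
}

# Preview first; the real run needs an elevated prompt and asks for confirmation.
Remove-FaultyFalconFile -WhatIf
```

Running it without `-WhatIf` prompts before each deletion because the confirm impact is set to high.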

In more complex cases, Microsoft has released a tool that creates a bootable USB drive to facilitate recovery of your Windows environment. Using it requires a computer with a 64-bit operating system, 8 GB of available space, and administrator privileges.

Why did it happen? Human error in development

CrowdStrike has publicly acknowledged its responsibility. The failure was described as a human error during development and testing of the update. Although updates are common processes and part of Falcon's normal operation, in this case the flaw wasn't detected before its distribution. The company has promised to refine its quality control methodology to prevent something like this from happening again.

The company's CEO, George Kurtz, has apologized and acknowledged the seriousness of the incident, stating that "the problem has already been identified and resolved," although he emphasized that restoring all systems will take time.

Economic and reputational impact

The situation has had a strong impact on the financial markets. CrowdStrike shares, listed on the Nasdaq index, fell nearly 14%, while Microsoft shares fell as much as 3% during Friday's session. Although the stock has partially recovered, the reputational damage has been done.

Industry experts such as Lukasz Olejnik have highlighted the excessive dependence that many organizations have on certain technology providers. This incident demonstrates the vulnerability of that model, where a simple update can unleash global chaos.

Companies' response to the incident

Following the incident, both Microsoft and CrowdStrike took action. Microsoft has mobilized a team of hundreds of engineers and is working directly with customers. It has also recommended uninstalling the problematic update and following the technical guidelines provided to restore services.

For its part, CrowdStrike has released corrective patches, implemented new internal measures, and updated its monitoring mechanisms to ensure that a bug of this magnitude does not occur again in future updates.


Cooperation between the two companies has been key to mitigating the effects of this global failure. Still, there is speculation that some affected companies may consider taking legal action for their losses.

Lessons learned from the failure

This incident not only highlights the fragility of our digital systems, but also the urgency of strengthening control, validation, and testing processes before releasing updates. Trust in technology providers is vital, but so is the capacity to respond in the event of unexpected failures.

Many organizations are rethinking their business continuity and disaster recovery strategies. Furthermore, the incident underscores the need for greater transparency and communication from software manufacturers in this type of situation.

This incident has served as a valuable lesson in technological humility, reminding us that in an ultra-interconnected digital world, a small glitch can have massive consequences. The key is a rapid response, collaboration, and clear communication to recover and maintain user trust.
