Global incident for Microsoft Windows due to CrowdStrike security agent
Machines running Microsoft Windows and the CrowdStrike Falcon Sensor security agent may experience crashes and BSOD (blue screen of death) due to a faulty update deployed by CrowdStrike.
Impact started at approximately 19:00 UTC on 18 July. This incident affects physical machines and servers as well as virtual machines and servers, including those running in the Microsoft Azure cloud environment. As multiple platforms and services globally use and rely on Microsoft Azure, this is having a large knock-on effect and causing multiple service outages.
We are pleased to report that our connectivity and web hosting services are unaffected, see status.directionforward.com. Our servers and machines are also unaffected, as we do not use CrowdStrike in either our internal or client stacks (we use alternative SOC security solutions).
Most of our services which do use Azure are also unaffected, as we utilise a multi-region design with cross-region replication, meaning we maintain multiple states for our virtual machines and servers; this allowed us to switch over instantly to unaffected infrastructure.
Currently our primary remote access service is down, because it is hosted by a third party that depends on Azure. Our Computer Backup service is also down: although we host the data, another part of this service relies on a third party that depends on Azure. You can stay up to date on our service status page, status.directionforward.com.
UPDATE: 09:40 – Microsoft have published a fix, which must be deployed manually on all impacted devices individually:
We recommend that customers who are able to do so restore from a backup taken before 19:00 UTC on the 18th of July. Alternatively, customers can attempt to repair the OS disk: access the disk (decrypt it if required) or boot into Safe Mode / Windows Recovery Environment, and delete the following file: “Windows/System/System32/Drivers/CrowdStrike/C00000291*.sys”. We can confirm the affected update has been pulled by CrowdStrike.
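A PowerShell check for the file named in the update above, added here as an example and not part of the original notice: it reports any matching channel file with its write time relative to the 19:00 UTC impact start, and removes it only when run with -Remove. It assumes the driver directory is %SystemRoot%\System32\drivers\CrowdStrike (the usual location of the directory the notice refers to) and that it is run from an elevated prompt in Safe Mode, or against an offline OS disk via -SystemRoot.

```powershell
# Added example, not from the original notice. Assumptions: driver directory is
# %SystemRoot%\System32\drivers\CrowdStrike; run elevated in Safe Mode / WinRE,
# or pass -SystemRoot pointing at an offline OS disk (e.g. 'D:\Windows').
param(
    [string]$SystemRoot = $env:SystemRoot,  # Windows directory of the OS being repaired
    [switch]$Remove                          # without -Remove the script only reports
)

$driverDir = Join-Path $SystemRoot 'System32\drivers\CrowdStrike'
# Start of impact per the notice: 19:00 UTC on 18 July 2024.
$cutoff = [datetime]::new(2024, 7, 18, 19, 0, 0, [DateTimeKind]::Utc)

if (-not (Test-Path $driverDir)) {
    Write-Output "No CrowdStrike driver directory at $driverDir; Falcon Sensor not present here."
    return
}

# Channel file 291 is the one the notice says to delete. The name is matched both as the
# notice writes it (C00000291...) and with the hyphen form (C-00000291...) in case either appears.
$candidates = Get-ChildItem -Path $driverDir -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^C-?00000291.*\.sys$' }

if (-not $candidates) {
    Write-Output "No C-00000291*.sys channel file found in $driverDir; nothing to do."
    return
}

foreach ($f in $candidates) {
    $written = $f.LastWriteTimeUtc
    $flag = if ($written -ge $cutoff) { 'written after impact start' } else { 'written before impact start' }
    Write-Output ("{0}  {1:u}  {2}" -f $f.FullName, $written, $flag)

    if ($Remove) {
        # Keep a copy of the file for the incident record before deleting it.
        $backup = Join-Path $env:TEMP ($f.Name + '.bak')
        Copy-Item -Path $f.FullName -Destination $backup -Force
        Remove-Item -Path $f.FullName -Force
        Write-Output "Removed $($f.FullName) (copy kept at $backup)"
    }
}
```

Run it once without -Remove to confirm exactly which file would be deleted, then rerun with -Remove and reboot normally.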
UPDATE 10:55 – CrowdStrike posted on X, formerly Twitter, that it was “a faulty channel file, so not quite an update”.
UPDATE 21 July – Microsoft say that the outage affected 8.5 million Windows devices, likely making it the worst cyber event in history.
UPDATE 22 July – CrowdStrike’s share price drops 38% in one day following news of the outage.