Executive Summary
- On July 19th, 2024, a large-scale IT outage disrupted airlines, hospitals, and financial institutions globally. Thousands of flights were cancelled, and critical services like emergency call centres experienced downtime.
- A faulty update to the CrowdStrike EDR platform for Windows systems was identified as the culprit by CrowdStrike’s CEO.
- The faulty update has been rolled back, and businesses are in the process of system restoration. While further damage has been mitigated, recovery efforts are ongoing for many affected organisations.
Introduction
On 19th July 2024, businesses and organisations around the world were hit by an unexpected and unprecedented IT disruption which quickly earned the name “The Great IT Outage”.
In a matter of hours, we saw airlines, banks, stock markets, and even GPs and the NHS witness their systems lock up and go down. According to the BBC, almost 1400 flights across the world have been cancelled as a direct result.
So, what is actually going on here? And is your business potentially at risk?
What was the Great IT Outage of July 19th 2024?
Early in the day on 19th July 2024, Windows-based systems around the world started to experience disruption. Many flashed the dreaded blue screen of death (BSOD), got stuck in reboot loops, or entered recovery mode.
The culprit? A faulty update from CrowdStrike, the well-known (and, perhaps until now, well-trusted) security software provider.
Their software, which (somewhat ironically) protects Microsoft Windows systems from cyberattacks, inadvertently caused a wave of chaos, disrupting industries across the globe. The update is isolated to Windows machines only, meaning Mac and Linux systems have emerged unscathed.
How has the world been impacted?
To say the impact of the Great IT Outage has been global almost feels like an understatement.
Here are some of the biggest repercussions felt around the world:
- The BBC reported that upwards of 1400 flights have been cancelled globally.
- The Royal Surrey County Hospital declared a ‘critical incident’ after the update impacted it Varian IT systems.
- In Alaska, the call centres powering 911 emergency dispatch went down.
- Various global banks and stockbrokers were unable to access their trading platforms.
With countless IT systems like these relying on CrowdStrike, disruptions spanned numerous business sectors. If nothing else, this is a timely reminder of just how interconnected our digital world really is.
Why exactly did the Great IT Outage happen?
So, what’s to blame for the chaos we’ve seen all over the world?
We’ve already mentioned that it’s due to an error within an update to a piece of CrowdStrike cybersecurity software, but we can be more specific.
The root of the problem was an update targeting CrowdStrike Falcon, an Endpoint Detection and Response (EDR) product, for Microsoft Windows. The faulty update affected Falcon Sensor, a module responsible for detecting and preventing network threats.
Within this update was a problematic driver named “csagent.sys”. This driver led to the dreaded BSOD on affected machines, which also showed the stop code “PAGE_FAULT_IN_NONPAGED_AREA”.
For affected systems, the fix is to enter safe mode or the Windows Recovery Environment and delete the problematic .sys file. Some users might also be able to bypass the boot loop by restarting the machine twice in a row.
Is the Great IT Outage over?
For now, yes, it seems that any further damage has been mitigated.
At around 05:30 UTC on 19th July, CrowdStrike rolled back the faulty update, meaning any machine turned on after the rollback wouldn’t be subject to the fault.
Was this a cyberattack on CrowdStrike?
Despite the severity of the incident, it was not a cyberattack.
This was confirmed the morning of the 19th July by CrowdStrike’s CEO, George Kurtz. Writing on X (formerly Twitter), he said: “This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.”
Will the IT outage impact your business on Windows or Microsoft 365?
If your business operates on Windows systems with CrowdStrike software, it’s possible that you felt the sting of this outage.
The good news is that CrowdStrike quickly rolled back the problematic update. The bad news is that restoring all impacted systems might take some time.
All of this said, as far as our team can see here at Get Support, it doesn’t appear that any of our customers are affected by the CrowdStrike IT outage. That said, if you have any questions or concerns, you can speak directly to your account manager or call us anytime on 01865 594 000.
