Service outage due to a flaw in a CrowdStrike update for Windows

Last Friday, July 19, there was a global outage of multiple services on Windows systems that primarily affected aviation services, hospitals, banks, and stock exchanges, among a large number of companies.

The service disruption was due to a defect in a Falcon content update for Windows hosts. Mac and Linux hosts were not affected. Specifically, the problem was due to a file, “C-00000291-*.sys”. This file controls named pipes, which are used on Windows systems. The latest software update added information about several C2 frameworks used in cyberattacks. However, this update included a logic error that causes Windows to crash with a blue screen.

By midday on Friday, CrowdStrike released a temporary fix and continuous updates through its support portal, while its CEO posted an official apology on all available channels. Throughout the day, systems were gradually recovered.