Windows ‘blue screen of death’ crisis: what we know so far
Businesses across the globe are being affected by a major IT outage that’s causing Windows machines to encounter the dreaded ‘blue screen of death’ (BSOD), with knock-on effects hitting airlines, banks, and online services, and even taking TV channels off the air.
The outage has apparently been caused by a faulty security update rolled out by cybersecurity company CrowdStrike. Businesses in Australia and Asia were the first to encounter problems as computers running Windows went offline, with major issues subsequently being reported across Europe and the US.
Microsoft issued a statement saying: “We are aware of an issue affecting Windows devices due to an update from a third-party software platform. We anticipate a resolution is forthcoming.” CrowdStrike posted on its customer support website that “We have widespread reports of BSODs on Windows hosts, occurring on multiple sensor versions.” It also said the outage was not the result of a cyberattack.
We have a live blog collecting all the developing news as it hits, and we’ll be updating this page with everything we know about the issue and how it might affect you.
This story is developing
What’s happening?
Millions of companies around the world rely on Windows PCs, and in the early hours of July 19, widespread reports started coming in that many of these PCs were encountering ‘blue screen of death’ (BSOD) errors, taking services and systems offline.
Anyone who’s used a Windows PC over the past 40 years will know that a BSOD error can be pretty nasty – it essentially forces the computer to stop what it’s doing, and the only thing you can do is reboot the PC and hope the problem doesn’t occur again. If it does, then the PC is in a pretty bad shape, and you’ll need to do some troubleshooting to try to fix the BSOD error.
This can be extremely frustrating for individuals who find their Windows 11 PC or laptop can no longer run, but when the PCs used by hospitals, airlines, and banks start getting affected, things can get really bad, and unfortunately, that seems to be the case here.
Who is affected?
So, who is affected by this BSOD outage? So far it looks like hundreds of major businesses and organizations around the globe are having issues – and that means thousands, if not millions, of customers, hospital patients, travelers, and anyone relying on these services will be affected. There have been reports of hundreds of flights being delayed or cancelled, and hospital appointments being cancelled.
In the UK Sky News went off the air for a time, and airline Ryanair has posted that “We’re currently experiencing disruption across the network due to a Global 3rd party IT outage, which is entirely out of our control. Booking and check-in are currently unavailable.” Ryanair recommends that people who are due to travel today check in at the airport, rather than trying to do so online.
We’re obviously not on air – we’re trying 🤞 @SkyNews Breakfast pic.twitter.com/ZKvVacRgUY (July 19, 2024)
So far, it doesn’t seem like personal Windows 11 PCs are being affected – I’m writing this news story on one, and so far it seems fine. These are the companies and institutions that have confirmed they are affected so far:
- Microsoft
- Microsoft 365
- BetMGM
- Amazon
- Visa
- Sainsbury’s
- Tesco
- Ryanair
- Waitrose (UK)
- Morrisons (UK)
- Wetherspoons (UK)
- Waterstones (UK)
Good morning!! Unfortunately due to technical issues, we will be CASH ONLY today. Apologies for any inconvenience caused ❤️ pic.twitter.com/Og7LRFJ1PU (July 19, 2024)
- Sky News UK (back on air)
BREAKING: Airports, businesses, banks and broadcasters, including Sky News, experiencing issues worldwide after mass IT outage. Follow the latest and find out more on what companies have been impacted: https://t.co/Vljs0MTuQW 📺 Sky 501, Virgin 602, Freeview 233 and YouTube pic.twitter.com/LqmYO0AAYs (July 19, 2024)
- BT
- Ladbrokes
- Santander
- Nationwide
- Royal Mail
- Southern Rail (UK)
⚠️ We are currently experiencing widespread IT issues across our entire network. Our IT teams are actively investigating to determine the root cause of the problem. We are unable to access driver diagrams at certain locations, leading to potential short-notice cancellations,… (July 19, 2024)
- Swiss International Air Lines
SWISS’s flight operations are affected due to IT disruptions at partner organizations and air traffic control. We ask our passengers to please check the status of your flight before traveling to the airport. https://t.co/C3liPTPlH1 pic.twitter.com/ffoNVWngZy (July 19, 2024)
- National Pharmacy Association (UK)
- Schleswig-Holstein university hospital (Germany)
- Berlin BER airport
- KLM
KLM and other airlines and airports have been affected by a global computer outage, making flight handling impossible. We realise that this is very inconvenient for our customers and staff, particularly in the midst of the summer holiday season. We’re working hard to resolve the… pic.twitter.com/O4gm7u0DIW (July 19, 2024)
- Delta (US)
- United (US)
- American Airlines (US)
- Aemet (Spain)
- IndiGo (India)
- NHS (UK)
The NHS is aware of a global IT outage and an issue with a GP appointment and patient record system. If you have an appointment please do attend unless you are told otherwise. If you need help use 111 online or by phone and in an emergency call 999. ➡️ https://t.co/M4QxHP2GqM (July 19, 2024)
Why has this happened?
We’re still not entirely sure what has caused this outage, but it appears to be affecting Windows devices used by businesses. Early reports suggest that cybersecurity firm CrowdStrike may be to blame, having pushed out a security update for its product that contains a bug.
George Kurtz, CEO of CrowdStrike (I don’t envy his job today), has released a statement on X:
CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We… (July 19, 2024)
In the statement, Kurtz says that a defect has been found “in a single content update for Windows hosts,” and that Mac and Linux devices are not impacted.
He goes on to say that “this is not a security incident or cyberattack.”
If you want to find out more about CrowdStrike, and why its product appears to have brought down so many systems across the world, then check out our “What is CrowdStrike and how did it crash so many business computers?” explainer.
When will it be fixed?
It could take a while to sort this mess out, but CrowdStrike has said it has identified a “content deployment related to this issue and reverted those changes.” This supports the theory that it was caused by a bug in an update – and we’re pretty sure there is going to be a lot of pressure on CrowdStrike employees, as well as on IT admins for businesses across the globe, to come up with a fix.
Meanwhile, Microsoft has confirmed with Tom Warren of The Verge that it is aware of the issue and that it expects a fix soon.
UPDATE: Microsoft tells me it’s “aware of an issue affecting Windows devices due to an update from a third-party software platform. We anticipate a resolution is forthcoming.” #Crowdstrike #BSOD #windows https://t.co/uFN8bHbW2I (July 19, 2024)
So, we don’t have a clear idea of how long this will last, but CrowdStrike has issued workaround steps for anybody experiencing this problem:
- Boot Windows into Safe Mode or the Windows Recovery Environment
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
- Locate the file matching “C-00000291*.sys”, and delete it
- Boot the host normally
So there’s good news in that the companies at the source of this problem, Microsoft and CrowdStrike, appear to have an idea of what the issue is and are working on a fix.
However, that fix could still take a while to implement – and it will then need to be rolled out to potentially millions of PCs around the world. This could be particularly difficult to do if the PCs are stuck on a BSOD loop, which essentially means that a PC encounters a BSOD, but when it is restarted, the blue screen of death reappears instantly.
The workaround involves booting into Safe Mode and manually finding a file and deleting it. For one PC, that might not be too much of an issue, but for organizations with hundreds of PCs, it’s going to be a nightmare.
Neowin has also published some alternative workarounds which might be a quicker way to avoid this issue:
Alternative one:
- Go into Command Prompt from Recovery options
- Navigate to C:\Windows\System32\Drivers
- Rename CrowdStrike to Crowdstrike_Old
- Restart the PC
Alternative two:
- Boot your Windows PC into Safe Mode or Windows Recovery Environment.
- Go to Windows Registry
- Edit the following key to disable csagent.sys from loading, changing its value from 1 to 4: HKLM:\SYSTEM\CurrentControlSet\Services\CSAgent\Start
George Kurtz, CEO of CrowdStrike, has made a statement on X, where he says that “the issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.”
Those hoping that this will prove to be a quick fix may be disappointed, though. Tom Kidwell, Co-founder, Ecliptic Dynamics and former British Army and UK Government intelligence specialist, got in touch to say that “The outage impacting Windows devices this morning appears to have been caused by a driver update by CrowdStrike, bricking older Windows devices and servers, which will be worst hit. Unfortunately for CrowdStrike, if that is the case, it could be nauseating to fix. Due to the nature of the update, an individual from every organization will need to boot into safe mode, remove the issue file/driver, and then either roll back or update to a new version, something CrowdStrike will need to release very quickly.”