Global IT outage after CrowdStrike bug: operations resume

The update of a program has caused Windows computers to crash worldwide. CrowdStrike has now found and fixed the error.


Everything is at a standstill: nothing is working at BER and other airports due to the IT failure.

(Image: Jaromir Chalabala/Shutterstock.com)

This article was originally published in German and has been automatically translated.

Berlin-Brandenburg Airport is paralyzed: "There are delays due to a technical fault," reads a banner running on the website. It is just one of the many affected by a worldwide IT disruption: banks, businesses and companies around the world are struggling with outages. In Hamburg and Düsseldorf, planes are also not taking off and hospitals are having to cancel operations. The background to this is a faulty CrowdStrike update that causes Windows computers to crash.

Specifically, the bug is in the Falcon Sensor - a system that monitors activities in real time and is designed to block attacks. Many large companies use it to integrate an agent on their end devices that monitors activities on the system. Because this agent is very deeply embedded in the system, a faulty update can paralyze the entire computer. The Falcon Sensor is aimed at companies and public authorities; private users do not generally use it. Nevertheless, they are affected by the problems that arise for service providers, companies and authorities as a result of its use.

The disruptions began on Friday morning. There is now a workaround and a revised update that administrators can use to fix the error. However, the problems and aftermath are still ongoing. BER, for example, has stated that it intends to slowly restart operations. The BSI expects that it will take "some time" before the situation returns to normal.

CrowdStrike initially confirmed in the morning that it was working on the problem. At midday, CEO George Kurtz reported on X that they had been able to locate the error. Customers should download a new update from the support page. Kurtz also assures in the post that no attack is responsible for the problems. It is not a security incident. When asked by heise online, a spokesperson for CrowdStrike also explained: "We recommend that our companies ensure that they communicate with CrowdStrike representatives via the official channels. Our team is fully deployed to ensure the security and stability of CrowdStrike customers."

Affected devices show a blue screen of death (BSOD). An error message is also displayed after an automatic restart. This means that the devices are in a kind of endless loop that has to be broken. This problem also makes it difficult to access the new, error-free update.

However, CrowdStrike has found a workaround. You can start in safe mode, navigate to the folder c:\windows\system32\drivers\Crowdstrike, select the file "C-00000291*.sys" and delete it. The computer is then restarted, and the revised update is downloaded. The BSI recommends this step for all affected systems that are stuck in the reboot loop. If you do not experience any boot problems, you do not need to take action.

Devices that received the faulty update on Friday night are affected by the error. A member of the heise security PRO community confirmed: "For all devices that were offline this morning, there is no need for action, as the faulty file is no longer being distributed." According to CrowdStrike, all systems that were switched on at 7:27 a.m. or later are safe.

Various Microsoft services have experienced and continue to experience disruptions. Volksbanken, Sparda Banken, Sparkasse and others also had problems, while Deutsche Bank, Allianz, Telekom and Vodafone were partially unavailable according to disruption reports. The checkout systems of several retailers were down.

Outages were also reported for AWS. Mercedes and Continental AG were affected, as were the airlines Turkish Airlines, KLM, Lufthansa and Ryanair, which reported technical disruptions. It is not always clear whether the companies themselves use CrowdStrike's software and can therefore only offer limited services, or whether there are other dependencies. For example, in the case of the airlines, the actual IT problems could lie with the airports. Conversely, affected airlines can also cause problems for airports. According to Federal Transport Minister Volker Wissing, however, there was no danger to passengers.

The University Hospital Schleswig-Holstein has already had to cancel all operations planned for today, Friday, at its sites in Kiel and Lübeck. Pharmacies that use CGM Lauer software also had problems. According to Defense Minister Boris Pistorius, the German Armed Forces were not affected.


Meanwhile, it was not clear whether CrowdStrike was really the cause of the IT disruptions. Amazon Web Services (AWS), Microsoft Azure and Google Cloud were also suspected, probably because of the large number of people affected. There are not many services that are used by so many companies at the same time and can therefore lead to a global outage. Some reports also claimed that it was a Microsoft problem because only Windows devices were affected. When asked by heise online, a Microsoft spokesperson said: "We are aware of the issue affecting Windows devices due to an update to a third-party software platform. We expect a solution to be found shortly."

(emw)