Windows crashed due to a failed Falcon Sensor update

[Carding Forum]

On July 19, a massive outage occurred in Windows systems around the world. The problem arose due to a failed update of the Falcon Sensor security service from CrowdStrike.

Problems with the operation of various systems arose in several countries at once: Australia, Britain, Israel, India, Spain, the USA, Turkey, Ukraine. Airlines, banks, medical institutions, telecom operators and other systems whose work is tied to the Microsoft cloud platform were hit .
The outage caused Allegiant to delay nearly half of its flights, while all Delta, Turkish Airlines, United and American Airlines flights were grounded.

"We are currently experiencing widespread IT issues across our network," Southern Railway, the operator of many train services in southern England, wrote in X.

SkyNews has stopped broadcasting. As reported by Israeli Channel 12 television, difficulties have arisen in the work of medical institutions and emergency services in this country. Problems have arisen at all airports in Spain.

The failure is expressed in an emergency termination of work (blue screen of death, BSOD) of Windows systems, and then in a cyclic reboot. As reported by the television company CNN, on July 18, Microsoft reported that the Azure storage stopped working in the central part of the United States. The corporation emphasized that they have found the cause of the failure and are already working to eliminate the problems.

The cause of the failure was an update to the Falcon Sensor security service from CrowdStrike. The vendor acknowledged the problem and offered a solution, but it did not work on all systems.

The failure did not affect Russia.

“Russian airlines have long since switched to a domestic booking system, so the global failure did not affect them,” the press service of the Red Wings airline told RIA Novosti.
"There have been no reports of system failures at Russian airports at the moment," the official Telegram channel of the Russian Ministry of Digital Development reports. "The situation with Microsoft software shows the importance of import substitution of foreign software."
“ITgeddon, which is currently being observed around the world in the form of failures of critical systems: airports, 911, communication systems, etc., is a rather funny story and a consequence of globalization, carelessness and the replacement of the basic culture of storing and managing information with a religious attitude towards global corporations,” this is how Olga Uskova, founder and president of the Cognitive Technologies group of companies, commented on the incident in the official Telegram channel.
"Now the US will forget about sanctions and the triumphant exodus of "Melkosoft" from Russia. And they will start yelling about Russian hackers. God has a great sense of humor."

Nikita Kislitsin, Head of Network Security Department at FACCT:

"The current issue is caused by a flaw in the Crowdstrike Falcon Sensor software update and only affects Windows devices on which it was installed. Massive reports of failures began on 19.07 at approximately 8-00 (Moscow time). The vendor will not be able to restore the downed computers and servers, the problem can only be solved by manual actions on the damaged machines, which will have to be performed by administrators servicing the affected organizations.
Windows servers, having received the update, crashed into BSoD ("blue screen of death"). As a result, the functions they performed were completely disrupted. If these were servers with databases, then the databases stopped working. If these were servers with applications, then the applications crashed. For banks, airports, hospitals, this means serious consequences in the form of disruption of key processes. Interestingly, the problem even affected Microsoft itself: the company used Crowdstrike in its Azure platform.
Interestingly, this is the second Falcon Sensor issue in a row in recent times: a similar (but less obvious) issue with high CPU utilization occurred in late June after installing a memory scanning module update.
Crowdstrike software is very popular all over the world, but Russia is safe here: this company does not work in our country, and we may have only a small number of devices with this software.”

Source