'Reason identified; MeitY in touch with Microsoft': Govt on global outage

After a massive global outage with Microsoft Windows systems brought the world to a grinding halt, affecting many business activities globally, the government issued a statement, saying it's in contact with the IT major regarding the issue.

The outage affected multiple organisations across sectors including health services, brokerages, stock exchanges, media, banks, and airlines, as they faced disruptions due to the outage, prompting systems to shut down abruptly or restart. In India alone, at least 23 flights have already been cancelled or delayed due to the issue, reports suggest. Operations across many brokerages were disrupted.

The error that thousands of Windows users experienced was BSOD or Blue Screen of Death error. Several users took to social media to share the error that they were experiencing on their systems. "It looks like Windows didn't load correctly. If you would like to restart and try again, choose to restart my PC below," the message read.

Ashwini Vaishnaw, Minister for Information Technology, said on X: "MEITY is in touch with Microsoft and its associates regarding the global outage. The reason for this outage has been identified and updates have been released to resolve the issue. CERT is issuing a technical advisory. NIC network is not affected."

Issuing a statement, Microsoft said it is "aware of an issue affecting Windows devices due to an update from a third-party software platform. We anticipate a resolution is forthcoming.”

Meanwhile, MeitY's cyber security wing CERT-In has also issued an advisory on the issue, saying the outage of Microsoft Windows happened due to Crowd Strike agent 'Falcon Sensor' update. "It has been reported that Windows hosts related to CrowdStrike agent "falcon sensor" are facing outages and crashing due to a recent update received in the product. The concerned Windows hosts are experiencing a "Blue Screen of Death (BSOD) related to Falcon Sensor," the agency said. CrowdStrike is an American cybersecurity technology company based in Austin, Texas.

How to address the issue?

CERT-In said the issues occurred in the latest update of CrowdStrike and the changes have been reverted by the CrowdStrike team. If people are still crashing and unable to stay online, the following steps can be used as workarounds.

• Boot Windows into Safe Mode or the Windows Recovery Environment

• Navigate to the C:\Windows\Systems32/Drivers\CrowdStrike directory

• Locate the file matching "C-00000291*.sys", and delete it

• Boot the host normally

• Users can also check the latest updates from the CrowdStrike portal.

Meanwhile, CrowdStrike has said it is actively working with customers impacted by a defect found in a single content update for Windows hosts. "Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, and isolated and a fix has been deployed," says George Kurtz, President & CEO, CrowdStrike.

He added: "We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers."