Nearly 8.5 Million Windows Devices Affected Globally by CrowdStrike Update Outage


TEHRAN (Tasnim) – A flawed update from CrowdStrike led to a significant tech disruption on Friday, impacting 8.5 million Windows devices worldwide, according to Microsoft.

Microsoft reported that the issue affected less than one percent of all Windows machines but caused widespread problems across various sectors including retail, banking, and airlines.

CrowdStrike released a technical breakdown explaining the root of the problem. The issue centered on "Channel Files," which are part of the Falcon sensor’s behavioral protection mechanisms.

CrowdStrike clarified that these Channel Files, updated several times daily, are not kernel drivers but influence how Falcon evaluates certain system executions.

Security researcher Patrick Wardle confirmed that this explanation aligns with his previous analysis. He noted that the problematic file “C-00000291-” triggered a logic error leading to system crashes through CSAgent.sys.

CrowdStrike’s blog elaborated on the incident, stating that the update released on July 19, 2024, at 04:09 UTC caused a system crash and blue screen of death (BSOD) on systems running Falcon sensor version 7.11 and above that downloaded the update between 04:09 UTC and 05:27 UTC.

Wardle also pointed out that CrowdStrike’s channel file updates were installed on computers despite settings intended to prevent automatic updates.