This afternoon, the topic of "Microsoft Blue Screen" went viral.
On July 19th local time, some applications and services under Microsoft (MSFT, stock price $440.37, market value $3.3 trillion) experienced access delays, incomplete functionality, or inability to access. For a time, global enterprises and users from the Americas, Europe to Asia were unable to access the system normally, and almost all industries including aviation, railways, media, cinemas and amusement parks, schools, finance, technology, healthcare, hotels, and catering experienced varying degrees of chaos.
CCTV News reported that it is understood that the malfunction is related to CrowdStrike, a global cybersecurity company associated with Microsoft. A British security official who declined to be named stated that security experts did not consider the network failures experienced by multiple industries worldwide as malicious attacks.
Multiple netizens share blue screen pictures, Musk speaks out
According to user feedback, the Windows 10 system suddenly experienced a Blue Screen of Death that day, causing the computer to get stuck in the "recovery" interface and unable to function properly.
Many netizens have posted their blue screen screenshots on X platform.
A netizen said, "If you get this on your Windows computer... you're not alone... the whole world is getting it today
Some netizens also reported that their laptop went down and restarted 20 times in the past 40 minutes.
Musk also posted that this is the current status of Microsoft and CrowdStrike engineers, with a picture of a man wearing a blue T-shirt standing cross legged in the data center. He then sent a "laugh and cry" emoji to indicate that his X was not affected.
Multiple countries affected: flight suspension, live streaming interruption, bank anomalies
According to CCTV News, the location information of trains operated by West Japan Railway Company (JR West) cannot be obtained due to a Windows system malfunction. Australian airlines, banks, government networks, enterprises, supermarket automatic cash registers, and others have also been affected.
On the 19th, according to foreign media reports, based on the alert issued by the Federal Aviation Administration (FAA) on the morning of the 19th, American Airlines, United Airlines, and Delta Air Lines have requested the FAA to implement a global grounding for all flights. The FAA requires air traffic controllers to inform pilots that the airline is currently experiencing communication issues. Meanwhile, air flights will continue to operate, but flights operated by American Airlines, United Airlines, or Delta Air Lines will not take off. Melbourne Airport in Australia also stated that they have encountered a global technical issue, which is affecting the airport's boarding process.
In addition, LSE Group, which operates the London Stock Exchange, also stated on the same day that it had encountered a global technical issue that prevented the release of news. Sky News UK is unable to live stream television programs and apologizes to the audience.
According to foreign media reports, Indian IT Minister Ashwini Vaishnavi stated that his department is "in contact with Microsoft and its partners regarding global disruption issues
The cause of this interruption has been determined and an update has been released to address the issue, "Vaishnav said on social media platform X.
He added that the National Information Center, a partner of the Indian government, has not been affected.
The UK National Health Service stated that most general practitioner offices are experiencing disruptions due to ongoing IT disruptions and issues with appointment and medical record systems.
The NHS has long-term measures to manage interruptions, including the use of paper medical records and handwritten prescriptions, as well as the usual telephone system to contact your general practitioner
Microsoft experiences widespread global downtime, companies involved respond
According to reports, CrowdStrike's Japanese subsidiary stated that computers installed with the CrowdStrike security software "Falcon" showed a "blue screen", indicating that Windows was experiencing access issues. According to reports, a company that uses CrowdStrike software said that at around 1:40 pm on the 19th, its office computers gradually showed blue screens, and after restarting for a period of time, they showed blue screens again, causing them to be unable to work. A spokesperson for CrowdStrike's Japanese subsidiary stated that they are aware of the issue and are investigating the cause and considering countermeasures.
Based on the analysis of multiple foreign media outlets, this failure was caused by a malfunction in Microsoft's Azure regional data center located in the central United States, resulting in Crowdstrike terminals receiving incorrect configurations. After Crowdstrike pushed the incorrect configurations to users worldwide, it caused a blue screen in the Windows system. Another user on the forum claimed that after installing CrowdStrike's management software, a driver csagent.sys would be added to Windows, which caused today's global BSOD (blue screen crash).
The user's statement coincides with the views of network security expert Li Tiejun, who was interviewed by the Daily Economic News. Li Tiejun said that when a system like Microsoft, which accounts for the largest proportion in the world, malfunctions, "it is usually a major accident caused by driver programs. Usually, Windows blue screens are caused by program bugs (vulnerabilities) at the driver level, especially those that are more common in third-party applications. Windows itself causes very few large-scale blue screens, and testing can also detect them. They usually occur after certain upgrades: third-party software upgrades or Windows upgrades. Windows upgrades may cause compatibility issues with some third-party applications
On July 19th, network security software company Crowdstrike announced on its support platform that it had received numerous reports of blue screens on Windows computers. The company's engineering department has determined that the issue is related to "content deployment" and has now restored these changes. It is recommended that affected users boot their computers to safe mode or recovery environment, navigate to the C: Windows System32 drivers CrowdStrike directory, find the file that matches "C-00000291 *. sys" and delete it to start the computer normally.
According to CCTV News, the CEO of CrowdStrike also stated that this is not a security incident or cyber attack, and the relevant issues have been identified and repair plans have been deployed.
At present, Crowdstrike has provided a more complex manual solution, while Microsoft has stated that it will launch a solution as soon as possible. From this perspective, there is still no sign of improvement in this global large-scale system technology malfunction, and it will continue to affect multiple countries and industries.
On July 19th, CrowdStrike, a US antivirus software company, experienced a pre-market decline of up to 20% in the US stock market. As of press time, the company's stock price fell 18.41%, and Microsoft fell nearly 2%.