Microsoft Outage: 'Blue Screen of Death' Disrupts Global Operations

Disruption to global operations; Microsoft Windows users across various regions are grappling with the infamous "Blue Screen of Death" (BSOD) error. This widespread issue has caused systems to abruptly shut down or restart, affecting countless businesses and individual users worldwide.

The outage has sent ripples across multiple sectors, notably impacting airlines, banking, and government services in regions including India, the US, and Australia. Low-cost carriers like Frontier, Allegiant, and SunCountry reported disruptions, but operations are gradually returning to normal.

In India, airlines such as Spicejet and Akasa Air faced technical issues that disrupted booking, check-in, and flight updates. Akasa acknowledged the problem on X (formerly Twitter), assuring passengers that their team is actively working on a resolution.

#TravelUpdate: Due to infrastructure issues with our service provider, some of our online services, including booking, check-in and manage booking services will be temporarily unavailable. Currently we are following manual check-in and boarding processes at the airports and hence…

— Akasa Air (@AkasaAir) July 19, 2024

Microsoft’s Official Response

Microsoft identified a recent update by global cybersecurity firm CrowdStrike as the preliminary root cause. The update caused a "configuration change" in Azure backend workloads, interrupting connections between storage and compute resources and affecting downstream Microsoft 365 services.

Microsoft said it is "investigating an issue impacting users ability to access various Microsoft 365 apps and services". It added, "We're working on rerouting impacted traffic to alternate systems to alleviate impact in a more expedient fashion. We're still observing a positive trend in service availability while we continue to redirect impacted traffic. We still expect users will continue to see gradual relief as we continue to mitigate the issue”, in a detailed thread on X (formerly Twitter).

We're investigating an issue impacting users ability to access various Microsoft 365 apps and services. More info posted in the admin center under MO821132 and on https://t.co/W5Y8dAkjMk

— Microsoft 365 Status (@MSFT365Status) July 18, 2024

Experts' Opinion on the Outage

"The massive outage in Microsoft systems caused by CrowdStrike updates was due to a compatibility issue between CrowdStrike's Falcon sensor and a Windows update. When the CrowdStrike sensor, a critical endpoint protection agent, was updated, it conflicted with changes introduced in the latest Windows update. Such incidents underscore the importance of rigorous compatibility testing between security solutions and operating system updates to prevent widespread disruptions.

There are measures that can be put in place to avoid such disruptions. Before deploying any security update or software patch, create a testing environment that mirrors production systems. Test the update thoroughly in this environment to identify any compatibility issues or unexpected behavior.

Avoid deploying updates across all systems simultaneously. Instead, roll them out gradually to a subset of machines. Monitor these systems closely for any adverse effects. If everything looks good, proceed with a wider rollout.

Regularly back up critical systems so that in case an update causes problems like the current situation with Crowdstrike updates, you can restore the system to a previous state. Ensure backups are tested and reliable.

Use patch management tools to automate the deployment of updates. These tools allow you to schedule updates, track their status, and roll back changes if needed. We would always encourage organizations to implement monitoring solutions that detect anomalies, performance issues, or unexpected behavior. And set up alerts to notify you immediately if any critical system experiences problems," said Kumar Ritesh, CEO & Founder, CYFIRMA.

Services Affected and Restored

The outage impacted a wide array of Microsoft services, including:

• Microsoft Teams: Users experienced issues with presence, group chats, and registration.
• Microsoft 365 Admin Center: Admins faced intermittent access problems.
• PowerBI and Microsoft Fabric: These services operated in read-only mode.
• Microsoft Purview: Delays in event processing were reported.

Fortunately, recovery efforts are underway. Services like Microsoft Defender, Microsoft Intune, OneDrive for Business, and SharePoint Online are gradually returning to normal functionality.

Technical Solutions and User Recommendations

To address the BSOD issue, Microsoft and CrowdStrike have suggested a workaround. Users should boot their systems into Safe Mode or the Windows Recovery Environment, navigate to the C:\Windows\System32\drivers\CrowdStrike directory, locate and delete the file matching C-00000291*.sys, and then reboot normally.

Stay updated as Microsoft continues to resolve this widespread outage. For detailed guidance on fixing the BSOD issue, visit the official Microsoft support page.