CrowdStrike Falcon Issue ‘Fix Has Been Deployed;’ Microsoft Identifies ‘Root Cause’ Of Outage

The massive Microsoft Azure and CrowdStrike outage reportedly was caused by a recent update to CrowdStrike Falcon Sensor software. Here’s where everything stands as of Friday morning.

From emergency 911 call centers to national health-care services to the largest airlines, the Microsoft Azure and CrowdStrike outage is causing chaos around the world.

As of Friday morning, CrowdStrike said, “The issue has been identified, isolated and a fix has been deployed.”

The outage stemmed from a recent update to CrowdStrike Falcon Sensor software, according to Microsoft, which affected Windows 365 Cloud PCs.

CrowdStrike said it is working with “customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.”

The outage reportedly first began Thursday when some Microsoft clients in the U.S., such as airlines, were hit with an outage on their Azure cloud services system.

Microsoft is urging customers affected to conduct point-in-time restore for Windows 365 Business and Enterprise. Point-in-time restore enables end users to restore a Cloud PC to the exact state it was at an earlier point in time, said Microsoft in a blog post.

“To fix this, users may restore their Windows 365 Cloud PC to a known good state prior to the release of the update (July 19, 2024),” Microsoft said on X. “Windows 365 Business admins can also restore Cloud PCs to an earlier state on behalf of their users,” the company said. “Short-term restore points are saved every 12 hours.”

Microsoft Identifies Preliminary Root Cause For 365 Admin Center, Teams

The outage is still affecting many Microsoft 365 users who may still be unable to access various 365 applications and services as of Friday morning, including Teams.

Microsoft said the “preliminary root cause” was a configuration change in a portion of its Azure back-end workloads that “caused interruption between storage and compute resources, which resulted in connectivity failures that affected downstream Microsoft 365 services dependent on these connections.”

Microsoft Teams users may still be unable to leverage Microsoft Teams functions including presence, group chats and user registration. “Microsoft 365 admins may be intermittently unable to access the Microsoft 365 admin center and any action may be delayed if accessible,” the company said.

Microsoft is continuing to apply mitigation actions to provide relief from the impact affecting the remaining Microsoft 365 apps and services.

“Our telemetry is indicating that the remaining impacted scenarios are progressing towards a full recovery and we’re closely monitoring to ensure this progress continues,” Microsoft said.

CrowdStrike CEO George Kurtz Comments

CrowdStrike CEO Kurtz provided a statement on X Friday regarding the issue.

He said his Austin, Texas-based cybersecurity firm is working with customers impacted by the update that affected Windows hosts. Kurtz reiterated that the issue was not a “security incident or cyberattack.”

“We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels,” Kurtz said. “Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”

Microsoft Azure ‘Reboots’ Are Working

For Microsoft Azure, there are still service issues impacting virtual machines running Windows Client and Windows Server that are running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD) and agent stuck in a restarting state.

“We have received reports of successful recovery from some customers attempting multiple Virtual Machine restart operations on affected Virtual Machines,” Microsoft said. “We’ve received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage.”

CrowdStrike is referring customers to its support portal for the latest updates and will continue to provide updates on its website.

“We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels,” CrowdStrike said. “Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”

Customers first began reporting issues through the Down Detector website, which data shows hit a peak at around 3 a.m. ET.