Microsoft: CrowdStrike Update Caused Outage For 8.5 Million Windows Devices

Major airlines reported progress on recovery from the outage Saturday.

Microsoft disclosed Saturday that 8.5 million Windows devices were impacted by CrowdStrike’s disastrous update, while major airlines reported progress on recovery from the massive outage.

The CrowdStrike Falcon update led to the “blue screen of death” for Windows systems worldwide on Friday and hobbled much of what the modern world depends on, from air travel to health care to banking and beyond. Experts have called it the largest IT outage of all time.

In a post Saturday, Microsoft offered a sense of the scale of the outage caused by the CrowdStrike update.

“We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices, or less than 1 percent of all Windows machines,” Microsoft said.

“While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services,” Microsoft said.

CRN has reached out to CrowdStrike for comment.

Meanwhile, major airlines that have been affected by the outage reported that the recovery is well underway.

United said in a post on X late Friday evening that “most of our systems have recovered from the worldwide third-party software outage.” American Airlines had reportedly fully recovered as of Saturday afternoon.

Delta said in an update on its website Saturday morning that it was “continuing its operational recovery,” but did have to cancel more than 600 flights during the day. “Additional cancelations are expected as some of Delta’s technology continues to recover from Friday morning’s vendor-caused issue,” the airline said.

Cause Of The Outage

In an update late Friday evening, CrowdStrike identified a “logic error” as the culprit in the Microsoft outage. The programming error was triggered by a sensor configuration update to Falcon.

Such updates “are a normal part of the sensor’s operation and occur several times a day in response to novel tactics, techniques, and procedures discovered by CrowdStrike,” the company said in the post.

The sensor configuration update that ultimately triggered the logic error was released to Windows systems shortly after midnight, EDT, on Friday, the company said in the post.

For a still-unknown reason, “this configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems,” the company said.

The defective CrowdStrike software update led to impacts including thousands of canceled flights, curtailed health-care services such as surgeries, and 911 system outages.

“We understand the gravity of this situation and are deeply sorry for the inconvenience and disruption,” CrowdStrike said on its page for the outage incident. “Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”