Future Tech

CrowdStrike shares sink as global IT outage savages systems worldwide

Tan KW
Publish date: Sat, 20 Jul 2024, 12:31 AM

CrowdStrike's share price is currently tanking amid a major global IT outage its leadership has attributed to a dodgy channel file.

At the time of writing, the share price is down more than 19 percent as the security shop to some of the biggest organizations in the world continues to work through issues with its customers.

Those hoping to catch a flight today might encounter some problems as the Federal Aviation Administration (FAA) grounded major airlines until further notice. This includes United, Delta, and American Airlines, while Brits' go-to budget airline Ryanair is also experiencing disruption.

"Affected passengers will be notified and any passengers traveling across the network on Fri 19 July should check their Ryanair app for the latest updates on their flight," a Ryanair statement said. "We advise passengers to arrive at the airport 3 hours in advance of their flight to avoid any disruptions.

"We regret any inconvenience caused to passengers by this third-party IT issue, which is outside of Ryanair's control and affects all airlines operating across the network."

From a regional perspective, Edinburgh Airport owes longer waiting times to the CrowdStrike incident, with wider reports suggesting departure boards are down across the site. Check-in services at Berlin airport are also impacted.

The list of victims is growing faster than our fingers can type. Other airports also confirmed to be affected include: Heathrow, Gatwick, Manchester, Stansted, Luton, airports across the entirety of Spain, and Swissport.

As if the UK's health service hasn't taken enough of a battering in recent weeks, individuals in Bristol writing in to BBC Radio 4's Today program this morning said they were unable to book doctor's appointments at their local general practitioner's (GP) office.

Putneymead GP surgery in West London has updated its website to say its core Medical Management System is affected and online requests are restricted. The phone lines are also down temporarily but the practice remains open.

The Register asked the National Health Service (NHS) about this and in a statement it explained that IT issues have hit the EMIS system used by practices across the country.

"The NHS is aware of a global IT outage and an issue with EMIS, an appointment and patient record system, which is causing disruption in the majority of GP practices," it said.

"The NHS has longstanding measures in place to manage the disruption, including using paper patient records and handwritten prescriptions, and the usual phone systems to contact your GP.

"There is currently no known impact on 999 or emergency services, so people should use these services as they usually would.

"Patients should attend appointments unless told otherwise. Only contact your GP if it's urgent, and otherwise please use 111 online or call 111."

Speaking of critical services, various train lines are experiencing disruptions in the UK - namely those operated by Govia Thameslink, the UK's largest rail franchise which operates the Thameslink, Southern, Gatwick Express, and Great Northern lines.

A spokesperson said: "We apologize to customers for the disruption they're experiencing this morning. This is due to a worldwide IT issue affecting multiple companies and industries. Our advice to customers is to check our websites for the latest travel information and to check before they travel."

Other train lines affected include: Avanti West Coast, Great Western Railway, Hull Trains, Lumo, TransPennine, and West Midlands Rail.

Over in the US, reports suggest that some states' 911 emergency services are down. So far, it's believed that Ohio, Alaska, Arizona, Minnesota, Indiana, and New Hampshire are affected. Scary stuff.

And who could forget about the poor investment bankers unable to access their news service. Trading at the London Stock Exchange (LSE) is all okay - no worries there - but its regulatory news service (RNS) is down, so companies can't even hide their data breach reports behind the biggest news of the day.

So, what's going on?

The cause of the outages isn't entirely confirmed, but the prevailing explanation is that a faulty channel file in CrowdStrike Falcon - the vendor's flagship EDR solution trusted by organizations the world over - is to blame.

The full advisory is available only to paying CrowdStrike customers. However, the director of the vendor's managed hunting service OverWatch, Brody Nisbet, said the dodgy content update has been reversed.

It means there should be no new BSODs going forward, but it won't reverse the damage that's already been done - that'll be a job for IT admins who are sure to have the very worst of Fridays. Hopefully the work doesn't bleed into the weekend.

CrowdStrike hasn't yet responded to our requests for additional information, but Nisbet published a workaround via the vendor's dedicated Reddit page, a thread on which is teeming with furious customers.

However, that workaround will not work for every customer, he Xeeted while also calling the situation "a mess." The company is still working on the issue.

Speaking to BBC Radio 4 this morning, former CEO at the UK's National Cyber Security Centre, Ciaran Martin, concurred with the current explanations for the outage.

"[CrowdStrike] have a range of products under this brand they call Falcon, and their Falcon sensor update, which a lot of companies will use to detect threats and so forth, seems to have been misconfigured in such a way that it wrecks Windows. 

"And so if a company is using both CrowdStrike and Windows for its operating system, it seems that they get what people in the trade call the blue screen of death, and Windows doesn't work, and that's why airlines aren't able to process, presumably, why Sky [News] hasn't been able to broadcast. It's also why, just simply for times and reasons, it seems to be emerging first in Australia.

"These complex systems always operate interdependently, so [for] the cybersecurity to do its job, the cybersecurity tool still has to be able to interact with Windows, so companies spend a lot of time, money, and effort on both sides of that equation, making sure that they're compatible when you're deploying these things. You have to make sure you don't destabilize other parts of the network, and most of the time that works. Occasionally, it doesn't - it appears that that's not the case. It's very rare for it to be as serious as this."

CrowdStrike, not Microsoft

Early reporting from national media organizations misattributed the IT issues to Microsoft, which itself battled its own outage hours earlier on its Azure cloud platform, but this appears unrelated to the underlying problem causing the widespread IT issues across the world.

This particular Azure issue was affecting Microsoft 365 subscription services but was already resolved by the time disruption scuppered global systems.

Microsoft found the time to respond to us briefly today, but continued to ignore our repeated requests for an explanation over allegations that it failed to properly notify customers of a Russia-attributed data breach.

A spokesperson said: "We're aware of an issue affecting Windows devices due to an update from a third-party software platform. We anticipate a resolution is forthcoming." ®

 

https://www.theregister.com//2024/07/19/crowdstrike_shares_sink_as_global/
