Update with error persisted for 78 minutes, as per CrowdStrike's claims
On Friday, July 18, 2024, a software update for CrowdStrike's Falcon platform, deployed at 4:09 UTC, significantly disrupted global IT networks. The update, which affected systems running the Falcon sensor for Windows version 7.11 and above, triggered blue screen errors and sent affected Windows endpoints into continuous restart loops[1]. The disruption affected more than 8.5 million devices, according to earlier reports[2].
The incident, which United Airlines CEO Scott Kirby described as "the most widespread technology outage the world has ever experienced," quickly rendered global IT networks non-operational[3]. United Airlines reported that more than 26,000 computers and devices required manual fixing due to the update issue[2].
To remedy the problem, Microsoft and CrowdStrike collaborated closely to provide multi-phase mitigation steps. Initially, two recovery options were provided for IT administrators to stabilize affected systems[2]. Subsequently, because problems persisted on some devices, Microsoft released a third mitigation approach that allows the use of PXE (Preboot Execution Environment) recovery. This method enables IT teams to recover systems via network boot and reimaging without manual intervention[2]. Microsoft also issued guidance on Windows resiliency best practices to improve compatibility and prevent recurrence[2].
CrowdStrike's Falcon platform, known for its cloud-native architecture, typically provides strong detection and automated response with minimal disruption. However, in this case, the update caused system stability issues requiring rapid corrective measures by vendors and customers globally[4][2]. Despite this incident, CrowdStrike Falcon has continued to demonstrate strong protection capabilities, such as blocking active exploitation of Microsoft SharePoint zero-day vulnerabilities in July 2025[1].
CrowdStrike's CFO, Burt Podbere, stated that the situation was evolving and that the company was evaluating the impact of the event on its business and operations. The update was live for 78 minutes before it was reverted at 5:27 UTC, but customer systems that had already received the update and were crashing could not simply go back to the previous stable version[5]. Many impacted customers had to fix the issue internally in a multistep process.
CrowdStrike released a video demonstrating self-remediation steps for impacted customers on Monday[6]. However, the cause of the defective update and how it was distributed to customers remain unexplained by CrowdStrike[1]. This incident underscores the complexity of endpoint security software updates and the importance of coordinated incident response.
References:
- The Record by Recorded Future
- ZDNet
- CNBC
- The Hacker News
- TechRadar
- CrowdStrike Support
The cybersecurity incident involving CrowdStrike's Falcon platform, which disrupted global IT networks in July 2024, also impacted the finance sector, as evidenced by United Airlines reporting over 26,000 computers and devices requiring manual fixing. The complexity of endpoint security software updates, as demonstrated by the unexplained distribution of the defective update, emphasizes the importance of cybersecurity in business and technology operations.