  • TechRadar

    Windows 'blue screen of death' crisis: what we know so far

    By Matt Hanson,

    6 hours ago


    Businesses across the globe are being affected by a major IT outage that's causing Windows machines to encounter the dreaded 'blue screen of death' (BSOD), with knock-on effects hitting airlines, banks, and online services, and even taking TV channels off the air.

    The outage has apparently been caused by a faulty security update rolled out by cybersecurity company CrowdStrike. Businesses in Australia and Asia were the first to encounter problems as computers running Windows went offline, with major issues subsequently being reported across Europe and the US.

    Microsoft issued a statement saying: "We are aware of an issue affecting Windows devices due to an update from a third-party software platform. We anticipate a resolution is forthcoming." CrowdStrike posted on its customer support website that "We have widespread reports of BSODs on Windows hosts, occurring on multiple sensor versions." It also said the outage was not the result of a cyberattack.

    We have a live blog collecting all the developing news as it hits, and we'll be updating this page with everything we know about the issue and how it might affect you.

    This story is developing

    What's happening?

    Millions of companies around the world rely on Windows PCs, and in the early hours of July 19, widespread reports started coming in that many of these PCs were encountering 'blue screen of death' (BSOD) errors, taking services and systems offline.

    Anyone who's used a Windows PC over the past 40 years will know that a BSOD error can be pretty nasty – it essentially forces the computer to stop what it's doing, and the only thing you can do is reboot the PC and hope the problem doesn't occur again. If it does, then the PC is in pretty bad shape, and you'll need to do some troubleshooting to try to fix the BSOD error.

    This can be extremely frustrating for individuals who find their Windows 11 PC or laptop can no longer run, but when the PCs used by hospitals, airlines, and banks start getting affected, things can get really bad, and unfortunately, that seems to be the case here.


    Who is affected?

    So, who is affected by this BSOD outage? So far it looks like hundreds of major businesses and organizations around the globe are having issues – and that means thousands, if not millions, of customers, hospital patients, travelers, and anyone relying on these services will be affected. There have been reports of hundreds of flights being delayed or cancelled, and hospital appointments being cancelled.

    In the UK, Sky News went off the air for a time, and airline Ryanair has posted that “We’re currently experiencing disruption across the network due to a Global 3rd party IT outage, which is entirely out of our control. Booking and check-in are currently unavailable.” Ryanair recommends that people who are due to travel today check in at the airport, rather than trying to do so online.

    So far, it doesn't seem like personal Windows 11 PCs are being affected – I'm writing this news story on one, and so far it seems fine. These are the companies and institutions that have confirmed they are affected so far:

    • Microsoft
    • Microsoft 365
    • BetMGM
    • Amazon
    • Visa
    • Sainsbury's
    • Tesco
    • Ryanair
    • Waitrose (UK)
    • Morrisons (UK)
    • Wetherspoons (UK)
    • Waterstones (UK)
    • Sky News UK (back on air)
    • BT
    • Ladbrokes
    • Santander
    • Nationwide
    • Royal Mail
    • Southern Rail (UK)
    • Swiss International Air Lines
    • National Pharmacy Association (UK)
    • Schleswig-Holstein university hospital (Germany)
    • Berlin BER airport
    • KLM
    • Delta (US)
    • United (US)
    • American Airlines (US)
    • Aemet (Spain)
    • IndiGo (India)
    • NHS (UK)

    Why has this happened?

    We're still not entirely sure what has caused this outage, but it appears to be affecting Windows devices used by businesses. Early reports suggest that cyber security firm CrowdStrike may be to blame, having pushed out a security update for its product that features a bug.

    George Kurtz, CEO of CrowdStrike (I don't envy his job today), has released a statement on X:

    In the statement, Kurtz says that a defect has been found "in a single content update for Windows hosts," and that Mac and Linux devices are not impacted.

    He goes on to say that "this is not a security incident or cyberattack."

    If you want to find out more about CrowdStrike, and why its product appears to have brought down so many systems across the world, then check out our "What is CrowdStrike and how did it crash so many business computers?" explainer.

    When will it be fixed?

    It could take a while to sort this mess out, but CrowdStrike has said it has identified a "content deployment related to this issue and reverted those changes." This supports the theory that it was caused by a bug in an update – and we're pretty sure there is going to be a lot of pressure on CrowdStrike employees to come up with a fix, as well as IT admins for businesses across the globe.

    Meanwhile, Microsoft has confirmed to Tom Warren of The Verge that it is aware of the issue and that it expects a fix soon.

    So, we don't have a clear idea of how long this will last, but CrowdStrike has issued workaround steps for anybody experiencing this problem:

    1. Boot Windows into Safe Mode or the Windows Recovery Environment
    2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
    3. Locate the file matching “C-00000291*.sys”, and delete it
    4. Boot the host normally
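
    Steps 2 and 3 of the workaround above as a script, for an elevated PowerShell prompt in Safe Mode. This is an added example, not CrowdStrike's or TechRadar's code; the function and parameter names are hypothetical, and it assumes PowerShell is available on the host and that Windows is installed under C:\Windows unless another path is passed.

```powershell
# Added example, not CrowdStrike tooling. Function and parameter names are hypothetical.
function Remove-CrowdStrikeFile291 {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Windows directory of the affected installation (assumption: C:\Windows,
        # as in the workaround; pass another path if the volume is mounted elsewhere).
        [string]$WindowsRoot = 'C:\Windows'
    )

    $dir = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Directory not found: $dir"
        return
    }

    # Step 3 of the workaround: only files matching C-00000291*.sys are touched.
    $targets = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File -Force)
    if ($targets.Count -eq 0) {
        Write-Warning "No file matching C-00000291*.sys in $dir"
        return
    }

    foreach ($file in $targets) {
        $removed = $false
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $removed = -not (Test-Path -LiteralPath $file.FullName)
        }
        # One record per file, so the outcome can be logged for each host.
        [pscustomobject]@{
            Computer     = $env:COMPUTERNAME
            File         = $file.FullName
            Size         = $file.Length
            LastWriteUtc = $file.LastWriteTimeUtc
            Removed      = $removed
        }
    }
}

# Preview what would be deleted; nothing is changed with -WhatIf.
Remove-CrowdStrikeFile291 -WhatIf
# Then delete without the confirmation prompt:
# Remove-CrowdStrikeFile291 -Confirm:$false
```

    After the function reports Removed = True, boot the host normally (step 4).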

    So there's good news in that the companies at the source of this problem, Microsoft and CrowdStrike, appear to have an idea of what the issue is and are working on a fix.

    However, that fix could still take a while to implement – and it will then need to be rolled out to potentially millions of PCs around the world. This could be particularly difficult to do if the PCs are stuck on a BSOD loop, which essentially means that a PC encounters a BSOD, but when it is restarted, the blue screen of death reappears instantly.

    The workaround involves booting into Safe Mode and manually finding a file and deleting it. For one PC, that might not be too much of an issue, but for organizations with hundreds of PCs, it's going to be a nightmare.

    Neowin has also published some alternative workarounds which might be a quicker way to avoid this issue:

    Alternative one:

    1. Go into Command Prompt from Recovery options
    2. Navigate to C:\Windows\System32\Drivers
    3. Rename CrowdStrike to Crowdstrike_Old
    4. Restart the PC

    Alternative two:

    1. Boot your Windows PC into Safe Mode or Windows Recovery Environment.
    2. Go to Windows Registry
    3. Edit the following key to disable the csagent.sys from loading.
    4. HKLM:\SYSTEM\CurrentControlSet\Services\CSAgent\Start from a 1 to a 4

    George Kurtz, CEO of CrowdStrike, has made a statement on X, where he says that "the issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website."

    Those hoping that this will prove to be a quick fix may be disappointed, though. Tom Kidwell, Co-founder, Ecliptic Dynamics and former British Army and UK Government intelligence specialist, got in touch to say that "The outage impacting Windows devices this morning appears to have been caused by a driver update by CrowdStrike, bricking older Windows devices and servers, which will be worst hit. Unfortunately for CrowdStrike, if that is the case, it could be nauseating to fix. Due to the nature of the update, an individual from every organization will need to boot into safe mode, remove the issue file/driver, and then either roll back or update to a new version, something CrowdStrike will need to release very quickly."
