Sunday, May 24, 2026
Security Research

CrowdStrike Falcon Update Triggers Global Windows Outage Affecting 8.5 Million Machines

A defective channel-file update from CrowdStrike's Falcon endpoint sensor crashed Windows systems worldwide, grounding airlines, halting hospitals, and taking down television broadcasts in an outage that Microsoft estimates affected 8.5 million machines.

Sarah Chen, Infrastructure Security Reporter

A malformed content update from CrowdStrike's Falcon endpoint sensor caused widespread Windows blue-screen crashes today, in what Microsoft estimates is one of the largest IT outages on record. The faulty channel file — pushed to customers globally over a span of approximately 78 minutes — sent affected systems into a boot loop, requiring on-site intervention to remove the offending file via Safe Mode.

The downstream impact was immediate and severe. Delta Air Lines, United, American, and Frontier all grounded fleets temporarily. The London Stock Exchange paused certain market data services. Sky News halted live broadcasts. NHS GP surgeries in the UK reverted to paper records. Emergency 911 services in several U.S. states reported degradation, though calls continued to be routed by fallback systems.

CrowdStrike CEO George Kurtz issued an unreserved apology and confirmed the outage was caused by "a defect found in a Falcon content update for Windows hosts." The company said the update was not the result of a cyberattack and that Mac and Linux customers were unaffected.

Microsoft estimated approximately 8.5 million Windows devices were affected — less than one percent of the global Windows install base, but disproportionately concentrated on enterprise, regulated, and critical-infrastructure systems where Falcon is deployed.

The incident reignited a long-running debate about the operational risk of kernel-mode security agents. Microsoft published a post-incident blog calling for closer collaboration between security vendors and the Windows platform team, and signaled it would explore architectural changes to allow more endpoint-security functions to run outside the kernel.

Tags: CrowdStrike, Falcon, Windows, outage, BSOD