Understanding the impact of the CrowdStrike-Microsoft outage
7/22 Update
Help Desk Services and NOC Services returned to normal operation the evening of 7/19: partners can email Help Desk Services and chat with NOC Services as per usual. For real-time email updates about service disruptions, Root Cause Analyses (RCAs), and scheduled maintenance downtimes around the world subscribe to status.connectwise.com.
What happened
In simple terms, CrowdStrike customers using Microsoft products are experiencing widespread outages due to a defect in a CrowdStrike content update for Windows hosts. Some are calling this “the largest IT outage in history”.
CrowdStrike’s President/CEO and Founder, George Kurtz, posted on LinkedIn that the company is “actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”
According to an article on Forbes this is a global issue with widespread impact. “Planes have been grounded in the U.S., trains in the U.K. are impacted, as well as boarding scanners at Edinburgh airport in Scotland.”
Another article on WIRED states “banks, airports, TV stations, hotels, and countless other businesses are all facing widespread IT outages, leaving flights grounded and causing widespread disruption, after Windows machines have displayed errors worldwide.”
What services are affected
Due to this outage, two of ConnectWise expert services have been impacted, and we’re experiencing higher than normal volume.
Help Desk Services: The ability to email the Help Desk Services is currently unavailable and we’re unable to schedule work in advance.
NOC Services: The ability to chat with the NOC is currently unavailable.
Rest assured we’re still working to support you.
What we're doing about it
We’re committed to serving our valued partners, especially during this time when you need us most.
Staff augmentation
We’re augmenting our staff to handle increased call volume. This is an all hands-on-deck moment and our team is prepared to meet the increased demand for our services.
Solutions to mitigate impact
To assist you further, we've detailed how ScreenConnect can help mitigate the impact of this outage.
ScreenConnect offers solutions to reboot affected machines into Safe Mode and use remote support tools to resolve the issues caused by the CrowdStrike update.
Additionally, ConnectWise View enhances our support capabilities by allowing technicians to visually guide users through troubleshooting steps via live streaming through the camera of their mobile devices.
What to do as a ConnectWise partner
Within Help Desk Services, there are 4 ways partners and end customers can get in touch with us
- Call
- Chat
- PSA
Partners can leverage one of the other 3 ways to contact us
- Help Desk Services: call, chat or submit a ticket through PSA. Email is currently the only method unavailable for Help Desk Services
- NOC Services: call, email or submit a ticket through PSA. Chat is currently the only method disabled for NOC Services
This is not a ConnectWise outage, incident or cyberattack. This is a third-party outage. However remain vigilant as the ConnectWise Cyber Research Unit has received reports of active phishing campaigns exploiting the outage. Threat actors are using domains such as "crowdstrikebluescreen[.]com" and "fix-crowdstrike-apocalypse[.]com" to deceive users into providing sensitive information.
These domains, identified through urlscan.io, mimic legitimate CrowdStrike support pages and prompt users to download fake updates after paying with Bitcoin or other cryptocurrency.