On July 19th, Microsoft experienced a "blue screen of death" in many regions worldwide, leaving a large number of users unable to operate their systems normally, with many encountering the "csagent.sys" error.

Network engineers have indicated that the primary cause of this blue screen phenomenon is the antivirus platform, CrowdStrike. This claim was later confirmed by Microsoft's official customer service. Customer service representatives from Microsoft's support center stated that for the bulk blue screen occurrences, it is currently understood that most are due to the installation of third-party antivirus software on company computers. They also mentioned that if renaming the driver file is ineffective, further action can only be taken by contacting the company's IT department.

In response, CrowdStrike posted on its support platform that it has received numerous reports of Windows computers experiencing blue screens, and its engineering department has determined that the issue is related to "content deployment." The changes have been restored. It is recommended that affected users boot their computers in safe mode or recovery environment, navigate to the C:\Windows\System32\drivers\CrowdStrike directory, find the file that matches "C-00000291*.sys" and delete it to start the computer normally.

Microsoft's "big failure" did not start with today's blue screen.

Since last night, some users have been unable to access Microsoft's 365 subscription features, and even some users in the central United States have been unable to use Microsoft's Azure cloud service functions normally.

According to user reports, Microsoft issued a warning on their computer interfaces last night, stating that Microsoft 365 subscribers would not be able to access SharePoint Online, OneDrive for Business, Teams, Intune, PowerBI, Microsoft Fabric, Microsoft Defender, and Viva Engage. Azure's status page also showed that since approximately 21:56 UTC on July 18th, "some customers may encounter issues with multiple Azure services in the Central US service area, including service management operations and service connectivity or availability outages."

For users unable to use Microsoft 365, Microsoft's engineers have been working overnight to fix the problem. As of 01:30 UTC on July 19th, the status page for Microsoft 365 has been updated to "service availability is gradually returning to a healthy state after our traffic redirection efforts." Microsoft has stated that for this failure, the "potential root causes that could affect have been determined. The team is currently verifying these findings and our mitigation strategies to ensure the problem is resolved as quickly as possible."

For users unable to use Azure cloud services, Microsoft's repair strategy is to route traffic to other unaffected areas to attempt recovery. The reason for the accident, according to Microsoft, is that a backend cluster management workflow deployed a configuration change, which resulted in the backend access between some Azure storage clusters and the computing resources of the Central US service area being blocked - this led to the automatic restart of computing resources when the connection with the virtual disk was lost. To date, the mitigation measures taken for all Azure storage clusters have been confirmed, and most services have returned to normal.

The scope of this "big failure" is very broad. According to the website failure tracking software Downdetector on July 1st, Japanese users reported problems with Microsoft 365. As of around 1:35 pm local time, there were more than 2,800 failure reports, 69% of which were related to Onedrive. In addition, the train running position information of West Japan Railway Company (JR West) could not be obtained due to the Windows system failure, and Australian airlines, banks, government networks, enterprises, and supermarket self-service checkouts were also affected.

From July 18th to 19th, Microsoft experienced three major failures within 24 hours. To date, some users' Microsoft 365 applications are still in a degraded state.