Editor-in-Chief, Clara Kristanda, and News Section Editor, Beth Nicholls, delve into all the details about the Microsoft-CrowdStrike outage that hit Windows computers in July this year.
On 19 July 2024, a flawed software update within the cybersecurity company CrowdStrike caused a global outage on millions of Microsoft Windows computers that utilised its software. Many systems, from desktop monitors to airport screens and retail point-of-sale systems, showcased the same “Blue Screen of Death” (BSoD), which read as “:( / Your device ran into a problem and needs to restart…”
This BSoD caused devices to go into seemingly endless reboot loops, thus forcing them to a complete and indefinite stop. Although many systems could not communicate, it very quickly spread that this issue was worldwide, and specifically impacted Microsoft Windows computers.
What Happened?
On 19 July, CrowdStrike systems received an update patch to run its software called ‘Falcon Sensor’, which scans the system for intrusion and signs of malware. It should have been a seamless update, with very few being aware of the changes. Instead, when the update reached Windows OS computers, the system would instead descend into a “doom loop”, where the computers would continuously shutdown and restart to the BSoD [1].
As the error continued to reach unprecedented levels, it became known that the software update had gone wrong. The bug was only found in the update for Microsoft Windows; it did not affect Linux or Mac operating systems. Importantly, the event was not a security or cyber attack.
Nevertheless, the impacts of this update failure were widespread and immediate, as major delays and cancellations hit airlines, news broadcasters were without screen readers, and businesses had to close shop halfway through their day due to inabilities to undertake crucial admin or communications work.
Microsoft later revealed that they estimated 8.5 million computers to be affected by the CrowdStrike update and outage, which, surprisingly, came to make up less than one percent of total Windows machines [2].
The Aftermath
The meltdown has been reported to be one of the most impactful IT outages ever, being described by experts and the media as “the largest IT outage in history” [1]. In just hours, it lassoed CrowdStrike into the scrutinising public eye, and those who were previously unaware of its existence were introduced to it as the company that caused the worldwide stoppage, as opposed to a cloud-native platform designed to protect systems from cyber attacks.
In wake of the system bug being reverted and Windows machines returning to operating order, cyber-scammers were ready to take advantage of the situation. Phishers posed themselves as CrowdStrike employees or tech specialists, and offered “assistance” to restore computers. In the following days, Home Affairs Minister Clare O’Neil and CrowdStrike CEO George Kurtz warned businesses and individuals to be vigilant about the people they spoke to both over the email and phone, ensuring that those who they engaged with were legitimate assistance [3].
After CrowdStrike noticed and identified the issue and cause of incident, they managed to deploy an update which would allow Windows computers to successfully reboot, though this would take time. For most affected Australian companies this meant that they were still inoperable until the following day.
CrowdStrike’s official statement, released by Kurtz, was released to the press on the same day.
“I want to sincerely apologize directly to all of you for today’s outage. All of CrowdStrike understands the gravity and impact of the situation[...] you have my commitment to provide full transparency on how this occurred and steps we’re taking to prevent anything like this from happening again” [4].
What Now?
This event highlighted how the world is not only heavily dependent on technology, but also how the infrastructure of major systems is often largely reliant upon the industry’s megacorporation giants such as Microsoft and CrowdStrike. Although this outage wasn’t the result of a security breach or cyber attack, it was merely an error, it all-the-more emphasised how a supposedly minor mistake, such as a single patch update, has the power to devastate computers globally.
See our article on the Grapeshot website that features our Editor-in-Chief, Clara’s experience on the outage, here: https://www.grapeshotmq.com.au/post/after-crowdstrike-can-we-please-all-touch-grass
ENDNOTES
[1] Satariano, Adam, et al. “Chaos and Confusion: Tech Outage Causes Disruptions Worldwide.” The New York Times, 19 July 2024, www.nytimes.com/2024/07/19/business/microsoft-outage-cause-azure-crowdstrike.html.
[2] Special Broadcasting Service. “Microsoft Reveals Number of Devices Affected by CrowdStrike-Related Outage.” SBS News, 21 July 2024, www.sbs.com.au/news/article/microsoft-reveals-number-of-devices-affected-by-major-it-outage/0hua59twd.
[3] Iordache, Ruxandra, et al. “Microsoft-CrowdStrike Issue Causes “Largest IT Outage in History.”” CNBC, 19 July 2024, www.cnbc.com/2024/07/19/latest-live-updates-on-a-major-it-outage-spreading-worldwide.html.
[4] Kurtz, George. “To Our Customers and Partners | CrowdStrike.” Crowdstrike.com, 19 July 2024, www.crowdstrike.com/blog/to-our-customers-and-partners/.
Kommentarer