CrowdStrike Update Brings Windows Down, Causes Global Chaos

If you’ve been active on social media (don't be a victim of doomscrolling) or have viewed TV news channels today (July 19, 2024), you’ve probably heard of the global chaos that the world witnessed.

If you were busy traveling and didn’t get time to check either of the media platforms, you probably witnessed the chaos.

Users of Microsoft Windows-powered PCs were unable to use their machines as all they saw was its dreaded and infamous “blue screen of death”.

It was a global outage that brought the world to a standstill, from airlines to banks, a wide range of industries were affected.

The outage was even touted as the largest IT outage in history.

So, what caused the global outage? Let’s explore!
 

What Was The Microsoft Windows Outage About?

 

• Social media was abuzz with reports, messages, posts, news articles and memes of Microsoft Windows crashing to reveal its “blue screen of death” as reports across multiple news outlets started swinging in trying to make sense of what the issue was.

• The outage affected organizations far and wide, disrupting businesses, airports, train stations, banks, telecom providers, media outlets, healthcare and more.

• While travelers were left stranded with numerous flights delayed or cancelled, US airspace officials issued a nationwide grounding of all flights.

• Furthermore, some 911 call centers were offline, with emergency services like hospitals also facing standstills.

• At the time, Microsoft said it was investigating issues with its Azure platform in the United States. That was until reports started flying in from Australia, New Zealand, UK, India, South Africa, Israel, Germany and many other countries.

• While Microsoft remained the sole culprit of the global outage in the beginning, the cause was soon narrowed down to an updated file gone rogue in a recent software update by cybersecurity giant, CrowdStrike.

• The update in question was being made to its flagship security product, Falcon Sensor.

• Ultimately, CrowdStrike published a statement on its website, saying, “CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts.”

 

What Did CrowdStrike’s Statement Reveal?

 

• As per the statement, only machines running Windows operating systems were hit, while users of Mac and Linux OS were not affected.  

• Ahead of this, CrowdStrike also confirmed that the problem was not brought about by a security risk or cyberattack but rather a technical issue.

• “The issue has been identified, isolated and a fix has been deployed,” said the company, while encouraging customers to refer to its support portal for latest updates and for organizations to communicate “with CrowdStrike representatives through official channels.”

• Soon after this, the company provided an update in which it named the file "C-00000291*.sys" with a timestamp of 0409 UTC as the problematic version.

• Its fix came in the form of "C-00000291*.sys" with a timestamp of 0527 UTC or later AKA the reverted (good) version.

• Furthermore, it said that Windows hosts that were brought online after 0527 UTC would not be impacted, neither would hosts running Windows 7/2008 R2, while hosts that weren’t impacted wouldn’t require any action as the problematic file was reverted.

• The statement also provided Workaround Steps for individual hosts and public cloud or similar environments along with other technical information.

• While the company was providing updates through various channels, CrowdStrike’s President and CEO, George Kurtz, also shared key information and updates through his personal X handle.

 

What Did CrowdStrike CEO George Kurtz Say?

 

• In his first post addressing the issue, George Kurtz, President and CEO, CrowdStrike, said, “CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts.”

• [Contd.] “Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.”

• Kurtz’s second post provided updates saying, “Today was not a security or cyber incident. Our customers remain fully protected. We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption.”

• [Contd.] “We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on. As noted earlier, the issue has been identified and a fix has been deployed.”

• [Contd.] “There was an issue with a Falcon content update for Windows Hosts.”

While some businesses executives were frustrated with the outage, some employees rejoiced in the downtime bestowed upon them.

While some travelers complained about the delays, cancellations and long queues, others posted about receiving their first-ever handwritten boarding pass.

However, a major concern that comes up is how a simple software application file could lead to worldwide standstill, what happens if bad actors intentionally set loose malicious software?

Considering how one small problematic file could cause chaos on a global scale, do you think software companies should be required to conduct more rigorous testing before launching updates for their products?

Let us know in the comments below!