Cybersecurity giant CrowdStrike said that its latest software update caused a massive technology outage, affecting about 8.5 million Microsoft Windows devices worldwide.
Although the incident affects less than one percent of all Windows computers, it has had a significant impact on many vital sectors, demonstrating how far-reaching modern digital infrastructure has become.
In a blog post, Microsoft revealed the extent of the issue: “We currently estimate that the CrowdStrike update has affected 8.5 million Windows devices, or less than one percent of all Windows devices.” Even though that number is a small fraction of all Windows devices, the impact has been felt widely, underscoring CrowdStrike’s prominence in the cybersecurity market.
Impact across multiple industries
This outage has affected many industries:
1. Aviation: Thousands of flights have been canceled, leaving passengers stranded or facing long delays. Delta Air Lines, one of the hardest-hit airlines, reported more than 600 flight cancellations by Saturday morning, with more expected.
2. Broadcasting: Many broadcasting stations were forced off the air, disrupting media services.
3. Healthcare and Banking: Customers found themselves unable to access essential services, including healthcare systems and banking services.
4. Government and Corporate Sectors: With more than half of Fortune 500 companies and major government agencies like the U.S. Cybersecurity and Infrastructure Security Agency relying on CrowdStrike, the effects of the outage have spread across both the public and private sectors.
Technical details of the incident
CrowdStrike traced the outage to an update it had pushed to its widely used Falcon sensor software. The update was intended to improve protection against new threats; however, bugs in the update files caused many customers’ Microsoft Windows systems to crash.
Security experts, including Steve Cobb, chief security officer at Security Scorecard, said the file must have found a way to get past whatever scanning or protection process was used for testing.
The problem lies in a “file that contains either configuration information or signatures,” said Patrick Wardle, a security researcher who specializes in threats to operating systems. Such files are what the sensor uses to identify certain types of malicious code or malware.
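A content file that drives a kernel-level sensor is untrusted input from the sensor's point of view: a defect in that file should be rejected, not acted on. The following added example (not CrowdStrike's code; the file layout with a magic value, version, entry count and fixed-size entries is a hypothetical format constructed for illustration, not the real Falcon channel-file format) shows a fail-closed loader that validates every length-bearing field before use and keeps the last known good rule set when an update does not parse.

```python
"""Fail-closed loader for a signature/configuration update file.

Added example, not CrowdStrike's or Microsoft's code. The layout below
(magic, version, entry count, fixed-size entries) is hypothetical.
"""
import struct
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

MAGIC = b"SIGF"                    # hypothetical 4-byte file magic
HEADER = struct.Struct("<4sHI")    # magic, format version, entry count
ENTRY = struct.Struct("<I32s")     # rule id, 32-byte pattern hash
MAX_ENTRIES = 100_000              # hard upper bound on declared entries


class InvalidUpdate(ValueError):
    """Raised for any structural problem in an update file."""


def parse_update(blob: bytes) -> Dict[int, bytes]:
    """Parse and validate an update. Every field that could drive an
    out-of-bounds read is checked against the actual buffer length."""
    if len(blob) < HEADER.size:
        raise InvalidUpdate("truncated header")
    magic, version, count = HEADER.unpack_from(blob, 0)
    if magic != MAGIC:
        raise InvalidUpdate("bad magic")
    if version != 1:
        raise InvalidUpdate(f"unsupported format version {version}")
    if count > MAX_ENTRIES:
        raise InvalidUpdate(f"entry count {count} exceeds limit")
    expected = HEADER.size + count * ENTRY.size
    if len(blob) != expected:
        raise InvalidUpdate(f"length {len(blob)} != declared {expected}")
    entries: Dict[int, bytes] = {}
    for i in range(count):
        rule_id, pattern = ENTRY.unpack_from(blob, HEADER.size + i * ENTRY.size)
        if rule_id == 0 or rule_id in entries:
            raise InvalidUpdate(f"invalid or duplicate rule id at entry {i}")
        entries[rule_id] = pattern
    return entries


@dataclass
class SensorState:
    """Holds the active rule set; a rejected update leaves it untouched."""
    active: Dict[int, bytes] = field(default_factory=dict)
    rejected: List[str] = field(default_factory=list)

    def apply_update(self, blob: bytes) -> bool:
        try:
            new_rules = parse_update(blob)
        except InvalidUpdate as exc:
            self.rejected.append(str(exc))
            return False                # keep last known good rule set
        self.active = new_rules
        return True


def build_update(rules: Dict[int, bytes], declared_count: Optional[int] = None) -> bytes:
    """Construct a test update; declared_count lets a test fabricate a
    header that lies about how many entries follow."""
    body = b"".join(ENTRY.pack(rid, pat) for rid, pat in rules.items())
    count = len(rules) if declared_count is None else declared_count
    return HEADER.pack(MAGIC, 1, count) + body


def demo() -> Tuple[bool, bool, int, int]:
    """Apply a well-formed update, then a malformed one (constructed input).
    Returns (good accepted, bad accepted, active rule count, rejection count)."""
    state = SensorState()
    good = build_update({1: b"A" * 32, 2: b"B" * 32})
    ok_good = state.apply_update(good)
    # Header claims 50 entries but only one entry is present in the body.
    bad = build_update({3: b"C" * 32}, declared_count=50)
    ok_bad = state.apply_update(bad)
    return ok_good, ok_bad, len(state.active), len(state.rejected)


if __name__ == "__main__":
    print(demo())
```

The design point is that the parser never trusts `count` to decide how far to read: the declared size is compared with the real buffer size first, and any mismatch leaves the previously loaded rules active rather than crashing the host.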
Some common images of the outage include so-called “blue screens of death” — error messages that appear on affected computers, and are widely shared across social media platforms.
CrowdStrike has published guidance for repairing systems affected by the incident. However, the recovery steps are extensive and laborious, because the faulty file must be removed manually from each affected system.
Microsoft is also involved in the recovery process. The software giant is partnering with CrowdStrike to create a rapid fix for Microsoft’s Azure infrastructure. Additionally, Microsoft has reached out to Amazon Web Services and Google Cloud Platform, among other major software providers, to share its observations and implications for the industry.
Industrial impacts and lessons learned
The incident serves as a stark reminder of the potential risks associated with widely used cybersecurity software and the urgent need for rigorous testing protocols. John Hammond, principal security researcher at Huntress Labs, emphasized the importance of taking a more cautious approach to software updates: “Ideally, this would have been rolled out to a limited group first. That’s a safer approach to avoiding a major mess like this.”
The outage also highlights the delicate balance between the need for frequent security updates and comprehensive testing. As Patrick Wardle points out, “It’s very common for security products to update their signatures, once a day… because they’re constantly monitoring for new malware and want to make sure their customers are protected from the latest threats.” However, this frequency may have contributed to insufficient testing in this case.
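The staged rollout Hammond describes can be expressed as a small controller: push the update to a canary ring, measure the failure rate, and stop before touching the next ring if it exceeds a threshold. The block below is an added example, not CrowdStrike's deployment tooling; the fleet, ring sizes, threshold and the crash-simulating update are all constructed for illustration.

```python
"""Ring-based rollout with health gating.

Added example, not CrowdStrike's deployment system. Fleet, rings,
threshold and the update behaviour are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class RolloutResult:
    completed: bool
    halted_at_ring: Optional[int]    # index of the ring that tripped the gate
    attempted: List[str] = field(default_factory=list)   # hosts that received the update
    failed: List[str] = field(default_factory=list)      # hosts that reported failure


def run_rollout(fleet: List[str],
                ring_fractions: List[float],
                apply_update: Callable[[str], bool],
                max_failure_rate: float) -> RolloutResult:
    """Push the update ring by ring. ring_fractions are cumulative fractions
    of the fleet (e.g. 1%, 10%, 50%, 100%). After each ring the observed
    failure rate is compared with max_failure_rate; exceeding it halts the
    rollout so that later rings are never exposed."""
    result = RolloutResult(completed=False, halted_at_ring=None)
    start = 0
    for ring_idx, frac in enumerate(ring_fractions):
        end = max(start + 1, int(len(fleet) * frac))  # always make progress
        ring = fleet[start:end]
        if not ring:
            break
        ring_failed = [host for host in ring if not apply_update(host)]
        result.attempted.extend(ring)
        result.failed.extend(ring_failed)
        if len(ring_failed) / len(ring) > max_failure_rate:
            result.halted_at_ring = ring_idx
            return result                # gate tripped: stop here
        start = end
    result.completed = True
    return result


# Constructed fleet of 1000 hosts.
FLEET = [f"host-{i:04d}" for i in range(1000)]
RINGS = [0.01, 0.10, 0.50, 1.0]          # 10, 90, 400 and 500 hosts
MAX_FAILURE_RATE = 0.05


def good_update(host: str) -> bool:
    """Simulated healthy update: every host stays up."""
    return True


def bad_update(host: str) -> bool:
    """Simulated faulty update: hosts with an even index crash (constructed)."""
    return int(host.split("-")[1]) % 2 != 0


def demo_bad_update() -> RolloutResult:
    return run_rollout(FLEET, RINGS, bad_update, MAX_FAILURE_RATE)


def demo_good_update() -> RolloutResult:
    return run_rollout(FLEET, RINGS, good_update, MAX_FAILURE_RATE)


if __name__ == "__main__":
    bad = demo_bad_update()
    print(f"bad update halted at ring {bad.halted_at_ring}: "
          f"{len(bad.attempted)} hosts exposed, {len(bad.failed)} failed")
    good = demo_good_update()
    print(f"good update completed: {len(good.attempted)} hosts updated")
```

With these numbers the faulty update reaches only the ten canary hosts before the gate trips, instead of the whole fleet; the trade-off is the added latency before a good update reaches everyone, which is the tension Wardle's point about daily signature updates describes.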
Historical context and industry trends
This isn’t the first time a major cybersecurity vendor has caused a widespread outage. McAfee took hundreds of thousands of machines offline with a flawed antivirus update in 2010. But the global fallout from the CrowdStrike outage showed how a single company can have a profound impact on entire industries, as more and more businesses rely on cybersecurity software.
For the affected organizations now working hard to restore their systems, this event is a stark reminder of how interdependent our digital ecosystem has become. At the same time, it should prompt a review of testing policies, a move toward rolling out major updates gradually, and a contingency plan that can be put into action if something like this happens again.
The CrowdStrike outage also raises the question of whether there is too much risk concentrated in the cybersecurity industry, and whether these outages prove that we need to diversify the security solutions within our systems.
This will certainly serve as a strong reference point as the digital world continues to change and renew conversations about best practices in software development, testing, and deployment, especially across critical infrastructure and security systems.