Global Outage: CrowdStrike Update Causes Major Disruptions to Airlines, Banks, and More

Texas, 19th July 2024: On Friday morning, a massive outage disrupted major airlines, TV broadcasters, banks, and other essential services worldwide. The cause of this global issue, which resulted in widespread Blue Screen of Death errors on Windows machines, was traced back to a single software company: CrowdStrike.

CrowdStrike, a Texas-based company founded in 2011, specializes in detecting and preventing security breaches. It has been instrumental in investigating significant cyberattacks, including the Sony Pictures hack in 2014 and the Russian cyberattacks on the Democratic National Committee in 2015 and 2016. As of Thursday evening, CrowdStrike’s valuation stood at over $83 billion.

With around 29,000 customers, including more than 500 companies from the Fortune 1000 list, CrowdStrike’s extensive reach meant that any glitch could have widespread repercussions. This morning, systems using CrowdStrike and Windows-based hardware went offline en masse. CEO George Kurtz stated on Friday that the company is “actively working with customers impacted by a defect found in a single content update for Windows hosts,” emphasizing that the issue is not related to a cyberattack and does not affect Mac or Linux machines.

The outage on July 19th was linked to CrowdStrike’s flagship Falcon platform, a cloud-based solution that integrates various security features, including antivirus, endpoint protection, threat detection, and real-time monitoring. The problematic update appeared to install faulty software onto the core Windows operating system, causing systems to enter a boot loop with an error message saying, “It looks like Windows didn’t load correctly,” and offering users options to troubleshoot or restart their PCs. Many companies, including an airline in India, resorted to manual operations as a workaround.

Lukasz Olejnik, an independent cybersecurity researcher, consultant, and author of the book “Philosophy of Cybersecurity,” explained to The Verge, “Our software is extremely interconnected and interdependent. But in general, there are plenty of single points of failure, especially when software monoculture exists at an organization.”

Although CrowdStrike has deployed a fix, restoring affected systems will be a complex process. Olejnik told The Verge that resolving the issue could take “days to weeks” as IT administrators may need physical access to each device. The speed of recovery will depend on the size and resources of a company’s IT team. “Some systems in certain specific circumstances may be unrecoverable, but I assume that the majority will be recovered,” Olejnik added.