Microsoft
What you need to know about CrowdStrike’s recent update failure
A faulty update from cybersecurity firm CrowdStrike caused a massive outage, grounding flights, knocking banks and hospitals offline, and taking media outlets off the air, resulting in chaos and delays worldwide.
Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.
In a mind-boggling display of how one tiny mistake can cascade into global chaos, a faulty update from cybersecurity firm CrowdStrike sent the internet into a tailspin last Friday, leaving a trail of destruction in its wake.
The company’s Falcon software, used by scores of businesses worldwide, was the culprit behind the massive outage. This grounded flights knocked banks and hospitals offline and even took media outlets off the air.
The disaster began when CrowdStrike pushed out a defective update for its Falcon tool. This promptly caused Windows computers to crash and display the infamous “blue screen of death.”
Since countless companies rely on CrowdStrike for their security needs, the consequences of this technical blunder were staggering. Air travel was chaotic as airlines lost access to check-in and booking services, leaving passengers stranded.
Banks in South Africa and New Zealand reported outages that disrupted payments, while some news stations, particularly in Australia, could not broadcast for hours. Hospitals scrambled to cope with problems with their appointment systems, leading to delays and sometimes cancellations of critical care.
Even people just trying to grab a morning coffee were impacted, with trouble ordering ahead at Starbucks causing long lines at some locations. Even billboards in New York City’s famous Times Square went dark.
Who is CrowdStrike?
CrowdStrike, a U.S. cybersecurity company founded in 2011, bills itself as the globe’s most advanced cloud-based security technology provider. It provides software to companies across industries and boasts 29,000 clients, reports The Associated Press.
The company partners with Amazon Web Services and its “Falcon for Defender” product supplements Microsoft Defender to prevent attacks.
The company acknowledged that the outage was caused by a defect found in a single content update for Windows hosts. Mac and Linux systems were unaffected. The wound was self-inflicted, not a security incident or cyberattack.
As the disruptions continued across the globe, CrowdStrike and Microsoft scrambled to contain the damage. CrowdStrike said it was “actively working with customers impacted by a defect found in a single content update for Windows hosts” and that a fix “had been deployed.”
Microsoft spokesperson Frank X. Shaw said that the company was “actively supporting customers to assist in their recovery.”
But as the hours ticked by, the chaos only deepened. CrowdStrike President and CEO George Kurtz apologized on social media, saying “We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption.”
Beware the scammers
Yet even as a fix was rolled out, experts warned that the fallout could linger. This was because some customers may require a “manual” fix to get back up and running. Smaller companies or organizations with limited IT resources were particularly at risk, as bad actors might exploit the situation.
Gartner analyst Eric Grenier noted that those affected should talk to trusted organizations as they work toward recovery. “Attackers will definitely prey on organizations as a result of this.”
The CrowdStrike debacle is a stark reminder of the vulnerabilities of our increasing reliance on a handful of software providers.
When something goes wrong, the consequences can be catastrophic
As one expert noted in The Conversatation, it’s an “all our eggs in one basket” situation – we rely on these providers to identify threats and respond to them quickly, but when something goes wrong, the consequences can be catastrophic.
Keeping these providers accountable is key, as well as monitoring and reviewing them often to make sure they’re meeting expectations and providing the necessary security. If not, then we have more of these global outages to deal with.
Have any thoughts on this? Drop us a line below in the comments, or carry the discussion to our Twitter or Facebook.
Editors’ Recommendations:
- Microsoft service outage disrupts Bing search, Copilot and ChatGPT
- AT&T faces backlash over measly $5 credit for network outage
- ChatGPT is finally up after hours of outage, now with free voice search
- Discord back online after “Blocked” message outage