What you need to know
- July 19, 2024 marks the biggest global IT apocalypse in recent history, as a CrowdStrike update to a popular corporate Windows security solution triggers “Blue Screen of Death” crashes.
- The initial statement from CrowdStrike’s CEO made no mention of an apology, leading to a backlash.
- Microsoft has also responded to the outages, after initially being widely (and wrongfully) blamed for them.
- CrowdStrike is a company valued at $80 billion that has seen roughly 10% of its share price wiped out over the outage.
If you work in a corporate IT environment of any kind, you might have woken up to a bit of a BSOD apocalypse this morning.
CrowdStrike is a company you may not have heard of until today, but the $80 billion company has become a mainstay of endpoint security solutions, particularly in corporate environments, protecting major global infrastructure against cyberattacks and the like. It has been involved in investigating major hacks across the globe, and it even has the highest level of authorization to work with the U.S. Department of Defense to protect against state-sponsored attacks, as well as domestic threats. However, today, many of CrowdStrike’s partners may be re-evaluating.
An update CrowdStrike pushed to its software within Windows environments has caused some of the biggest simultaneous IT outages in history, with airlines, broadcasters, hospitals, and other major infrastructure endpoints being impacted. People have reacted angrily to the disruption, but have also piled on scorn after CEO George Kurtz seemingly refused to accept responsibility in the firm’s initial statements.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack,” CEO George Kurtz said. “The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.”
After the initial wave of condemnation, George Kurtz did eventually head onto TODAY News (which was, ironically, also impacted) to speak about the outage, and claimed the firm was “deeply sorry” for the disruption.
EXCLUSIVE: CrowdStrike founder and CEO @George_Kurtz speaks on TODAY about the major computer outages worldwide that started earlier today: “We’re deeply sorry for the impact that we’ve caused to customers, to travelers, to anyone affected by this.” pic.twitter.com/fWz6KhgrcZ (July 19, 2024)
Microsoft’s lead for communications, Frank Shaw, also offered a statement, given that many across the globe took to blaming Microsoft and Windows for the fallout, despite the fact it was CrowdStrike’s software causing the issue: “Earlier today, a CrowdStrike update was responsible for bringing down a number of Windows systems globally. We are actively supporting customers to assist in their recovery.”
What makes this particular outage so irritating for IT departments is that the faulty update has to be removed in Safe Mode. For heavily locked-down computers with BitLocker encryption, that potentially involves a lot of manual deployment. This isn’t necessarily something you can easily fix via a remote Windows Server deployment or Group Policy, at least in some environments.
Not Microsoft’s fault, but still a bad look somehow
CrowdStrike’s share price has taken a 28-point nosedive on the news today, as investors abandon the firm. Indeed, many companies may be looking to diversify their security solutions on the back of this massive outage, which even took down several of Microsoft’s own services, including the Xbox network (formerly known as Xbox Live).
In reality, CrowdStrike is a competitor of Microsoft, which offers its own security solutions such as Microsoft Endpoint Defender for these types of scenarios. CrowdStrike adds layers of protection, but the end user doesn’t see CrowdStrike’s logo when things go down; all they see is the iconic Windows Blue Screen of Death, which is what led headlines initially. As outlets started to get to grips with the real cause of the issue, headlines were updated to reflect CrowdStrike’s responsibility. Still, the internet reacts as the internet does, with hilarious memes. Spare a thought for busy IT departments who expected to be having a chill weekend.
The CrowdStrike engineer who pushed the update that caused the global IT meltdown, crashing Microsoft devices (BSOD), taking down government IT services in Australia, New Zealand and several US states while disrupting global banks, media and airlines (gonna be a crazy flying day) pic.twitter.com/g7hcNa1XZu (July 19, 2024)
Still, it raises questions about the virtue of having a few pieces of software like CrowdStrike be so dominant across so much critical infrastructure. This wasn’t the result of a cyberattack, but it very well could’ve been — and the vulnerability might give enemy nation states some quirky ideas.
I suspect there will be a lot of soul searching at both CrowdStrike and Microsoft about how to prevent anything like this from happening again in the future.