I am getting asked a lot about this. Below is mix of reporting and my take on what happened and what needs to be done.
Just so we are clear: I have no secret inside knowledge or insight into the problems. But if you are looking for a clear explanation, read on.
The recent CrowdStrike computer outages were caused by a flawed update to their Falcon antivirus software. This update, intended to protect Microsoft Windows devices from cyber attacks, inadvertently led to a critical error known as the “blue screen of death” (BSOD) for many users. The issue was not due to a cyber attack but rather a defective channel file in the Falcon sensor product, which caused Windows devices to enter a boot loop, preventing them from starting up properly (Computer Weekly) (ABS-CBN News) (PanAsiaBiz).
Let’s talk about exactly which Windows systems were impacted. The CrowdStrike problem primarily affected Windows systems running CrowdStrike’s Falcon antivirus software. The Windows systems were primarily within large corporations, and Windows servers in data centers, not personal systems that only use Windows Defender and maybe some other third party antivirus software.
Further, older Windows systems were not affected either. For example, Southwest Airlines was not as heavily affected by the CrowdStrike outages because it uses older operating systems, specifically Windows 3.1 and Windows 95, for its critical systems. These legacy systems did not receive the faulty CrowdStrike update that caused the widespread blue screen of death (BSOD) errors on more modern Windows systems used by other airlines. This use of outdated technology provided an unexpected advantage, allowing Southwest to continue its operations without disruption while many other airlines experienced significant issues (Fudzilla.com – Home) (ABS-CBN News). Companies using Linux servers had no issues either.
The outage had widespread impacts, affecting approximately 8.5 million Windows devices globally. It disrupted various sectors, including airlines, banks, healthcare services, and media organizations. Notable affected entities included American Airlines, Delta, the London Stock Exchange, and many hospitals and GP surgeries (Computer Weekly) (Yahoo News – Latest News & Headlines).
The corrective action by CrowdStrike for their problem involved quickly identifying the faulty update to the Falcon antivirus software and rolling out a fix to affected systems. This update caused the blue screen of death (BSOD) due to a defective channel file. CrowdStrike worked to remove the defective update and replace it with a corrected version. Additionally, Microsoft and CrowdStrike provided guidance and support to affected users to restore normal operations (Computer Weekly) (PanAsiaBiz).
While CrowdStrike has resolved the issue and emphasized that it was not a security incident, the downtime created opportunities for cybercriminals to exploit the situation through phishing and social engineering attacks. Organizations and IT leaders were advised to be vigilant about potential follow-on threats (Computer Weekly) (ABS-CBN News).
To correct their affected systems caused by the CrowdStrike update, users needed to follow specific steps:
- Boot into Safe Mode: Start the computer in Safe Mode to bypass the faulty update.
- Uninstall the Faulty Update: Locate and remove the problematic CrowdStrike update from the system.
- Install the Corrected Update: Download and install the fixed version of the Falcon antivirus software provided by CrowdStrike.
- Reboot Normally: Restart the computer normally to ensure the system is stable and functioning properly.
These steps helped restore normal operations on affected Windows systems (Computer Weekly) (PanAsiaBiz).
Now let’s not sugar coat the next thought. Why did no one test this update at CrowdStrike and/or Microsoft? Just running the update on a single CrowdStrike system would have revealed the problem. As of this posting, no one has take responsibility for the failure to properly test and therefore avoid this problem. Shame on CrowdStrike for this. A full investigation should be done, including researching all testing logs, interviews, etc.. Though it may be too late for all that as they have had so long to sweep any issues under the rug.
Sure, CrowdStrike has taken responsibility for the failure caused by the faulty update to their Falcon antivirus software. In response, the company issued a public statement acknowledging the issue, explaining the cause of the disruption, and detailing the steps taken to resolve the problem. CrowdStrike’s CEO, George Kurtz, stated that the company is actively working with affected customers to mitigate the impact and prevent similar incidents in the future (Computer Weekly) (ABS-CBN News) (PanAsiaBiz). But honestly, that does not even begin to address the apparent huge issues at CrowdStrike.
What to do then? Going forward, organizations have several options besides using CrowdStrike for their cybersecurity needs:
- Alternative Security Solutions: Companies can explore other cybersecurity providers such as Symantec, McAfee, Palo Alto Networks, and SentinelOne, which offer similar endpoint protection, threat detection, and response capabilities.
- Enhanced Testing Procedures: Implementing stricter testing and validation procedures for updates before deployment can help prevent similar issues.
- Hybrid Solutions: Combining multiple cybersecurity solutions to diversify risk and ensure redundancy.
- Cloud-Based Security: Utilizing cloud-native security platforms from providers like Microsoft Azure Security, AWS Security, or Google Cloud Security.
Evaluating these options can help organizations enhance their security posture while mitigating risks associated with single-provider reliance.
I am sure we will hear more in the coming weeks and months. So stay tuned.
Comments are welcomed below from registered users. If you would like to see more content and articles like this, please support us by clicking the patron link where you will receive free bonus access to courses and more, or simply buying us a cup of coffee!