Microsoft’s Role in the Recent CrowdStrike Outage

CrowdStrike outage broke organizations across various sectors globally, causing significant operational disruptions. The affected entities spanned multiple industries, including aviation, finance, healthcare, and public administration. As computer networks went down, customers could not access essential services, leading to confusion and distress. 

In an official statement, Microsoft reported that approximately 8.5 million Windows-based devices were impacted by this incident.

What Happened?

Windows users have faced a persistent Blue Screen of Death (BSOD) error that caused panic or rejoicing for some employees due to unexpected breaks. Yet, big establishments lost profit because of this outage. This critical system failure typically requires a restart to resolve. However, restarting or shutting down in this case didn’t fix the issue.

Instead, users found themselves stuck in a continuous cycle of crashes and restarts, with the BSOD repeatedly appearing despite their efforts to resolve it.

To understand the current issue, let’s look at CrowdStrike, its role in Windows systems, its key achievements, and why Microsoft is not to blame for this current Windows IT outage.

CrowdStrike Overview

CrowdStrike, a global cybersecurity firm, offers cloud-based protection for endpoints,  threat intelligence, and cyberattack response services with 29,000 customers worldwide. Their Falcon platform consolidates cybersecurity efforts to prevent breaches. Using a single lightweight agent, it collects and integrates enterprise-wide data from third-party sources.

Falcon encompasses multiple security functions: managed services, vulnerability management, IT operations, threat intelligence, and other cloud modules. 

Founded in 2011, CrowdStrike has become a significant player in the cybersecurity industry. The company’s expertise has been sought in numerous high-profile digital security incidents. Two notable cases that showcase CrowdStrike’s involvement in significant cybercrime investigations include the 2014 cyberattack on Sony Pictures, and the 2016 Democratic National Committee emails leak incident.

These events underscore the company’s role in addressing significant cyber threats and contributing to understanding and mitigating large-scale digital security breaches over the years.

The platform is delivered via a Software as a Service ( SaaS ) subscription, targeting large corporate markets.

So what happened?

Security Upgrade Gone Wrong

On July 19, 2024, CrowdStrike released its Falcon Sensor software update to bolster client defenses against emerging threats. Unfortunately, the update contained flawed code, leading to a large-scale system failure. This event caused significant disruptions for many businesses running Microsoft Windows, resulting in what’s commonly known as the Blue Screen of Death (BSOD). 

The incident is one of the most far-reaching technology breakdowns in recent history, particularly for Windows-based systems.

The bug caused affected machines to enter a continuous cycle of rebooting and recovery attempts. This malfunction significantly impacted various sectors, with Banks, airlines, healthcare facilities, and government agencies experiencing the most severe disruptions. Consequently, many of these organizations found their systems needed to be more connected to networks.

Cybersecurity expert Patrick Wardle explained that the update was designed to carry new configuration data or identifiers for recognizing specific malware types. The goal was to improve the software’s ability to detect evolving threats. However, this attempt at enhancement backfired dramatically since CrowdStrike did not fully validate the faulty update file.

Crowdstrike learned the hard way that security software companies must thoroughly test updates before deploying them to users.

John Hammond, a leading researcher at Huntress Labs, commented on the situation. He suggested that a more prudent approach involved initially deploying the update to a small test group. According to Hammond, this method typically helps prevent large-scale issues like the one that occurred.

Who Are the Most Affected in the Recent CrowdStrike Outage?

The recent global IT outage had far-reaching consequences, affecting diverse sectors across multiple countries. Businesses, financial institutions, healthcare providers, and airlines were among the most severely impacted, and many are still struggling to restore their systems entirely.

The aviation industry experienced significant disruptions. FlightAware, a flight tracking and data platform, reported over 1,400 flight cancellations in and out of the United States on Sunday alone. Major carriers Delta and United Airlines were particularly affected, with flight information displays malfunctioning at numerous airports.

The impact reached financial markets, prompting Hong Kong’s stock exchange to suspend derivatives trading. Healthcare services in the UK, Israel, and Germany faced significant disruptions, with numerous cancellations. Even Times Square’s big screens in New York went dark.

Imagine Times Square’s vibrant displays abruptly shutting down after dark – like staring into a pitch-dark wall canvas.

The outage’s impact was truly global. It affected thousands of customers worldwide, with a notable concentration in the United States. Windows users across various industries and regions grappled with system failures and operational challenges.

Surprisingly, China remained largely unaffected by the global disruption since it is not as reliant on Microsoft products as other parts of the world. Many Chinese businesses and institutions use homegrown operating systems and software, which shield them from the Windows-specific issues plaguing Western countries.

Responses from CrowdStrike and Microsoft

CrowdStrike CEO George Kurtz addressed the recent service disruption affecting Windows users. The company attributed the outage to a defect in a Falcon content update, emphasizing it was not a cyberattack. Mac and Linux systems were unaffected.

Kurtz assured customers that core CrowdStrike services remained operational and that efforts to restore impacted systems were ongoing. 

He advised users to stay vigilant against scams and urged them to rely on official CrowdStrike channels for updates and support. The company pledged transparency regarding the incident and future preventive measures, acknowledging the importance of maintaining customer trust. Kurtz encouraged everyone affected to use official channels for the latest updates.

Kurtz urged users to communicate with official company representatives before downloading fixes. He warned that cybercriminals are exploiting the situation to deceive victims.

Cybersecurity experts and agencies warn people about a wave of hacking attempts related to the IT outage, including fake emails, malicious websites, and unofficial codes claiming to help recovery.

Microsoft is not solely responsible for the recent CrowdStrike BSOD issue; CrowdStrike confirmed that a defect in their Falcon content update for Windows hosts caused the problem. CEO George Kurtz stated it was not a cyberattack but their update that triggered the outage.

CrowdStrike acknowledged the responsibility and worked on resolving the problem and restoring affected systems.

While CrowdStrike has deployed fixes, Microsoft has released a recovery tool to assist IT administrators in fixing Windows machines affected by the recent CrowdStrike update issue. This tool creates a bootable USB drive, quickly recovering impacted systems.

While some IT admins have successfully resolved the issue by rebooting PCs multiple times, others may need to manually boot into Safe Mode to delete the problematic CrowdStrike update file.

How to Fix BSOD According to CrowdStrike and Microsoft

CrowdStrike announced that a fix has been deployed, but experts caution that it may take weeks to restore all systems fully.

Some systems began coming back online as early as Sunday, but the number of users restored still needs to be determined.

In the meantime, CrowdStrike suggests the following workaround:

• Boot into Safe Mode
• Go to Windows\System32\drivers\CrowdStrike
• Locate and delete “C-00000291*.sys”
• Restart the computer normally

Alternatively, restarting the computer may help, though multiple reboots—up to 15 times—might be necessary. A Microsoft spokesperson noted that while several reboots might be required, this approach has proven to be a practical troubleshooting step.

Lesson Learned on the Recent CrowdStrike Outage

CrowdStrike could have prevented this catastrophic event with thorough verification before releasing the update. Despite their apology, such incidents must not recur, as cybercriminals always seek opportunities to exploit vulnerabilities. This situation highlights that no system, including Mac and Linux, is entirely immune to risks. 

Even a single compromised file can trigger widespread disruptions. Mac systems are advanced but not exempt from today’s evolving cyber threats.

All organizations must enhance their testing and verification processes to safeguard against such issues. Collaboration and vigilance are essential in the fight against cyber threats. Learning from this incident can strengthen our defenses and protect our systems from future attacks.