How a Faulty Software Update By CrowdStrike Caused a Global IT Outage


Background

Many Microsoft Windows computers run a security product called Falcon, made by a company named CrowdStrike. Falcon is deeply integrated into Windows, constantly monitoring the operating system for threats to keep it safe.

CrowdStrike pushed an update on Friday, 19 July 2024, to all Windows devices around the world at the same time. Unfortunately, that update had a bug that caused the infamous ‘Blue Screen of Death’ (BSOD) error on many Windows computers.

About the Incident

On Friday, a perfect storm of tech failures caused global chaos, disrupting essential services worldwide. The incident began with an unrelated Microsoft Azure outage on Thursday night, but the real havoc started Friday morning when CrowdStrike, a cybersecurity company, released a faulty software update that caused a global IT outage affecting airports, media, banks, hospitals and other organizations.

This update, meant for CrowdStrike’s Falcon antivirus platform, inadvertently sent Windows computers into an endless reboot cycle. Falcon, which runs with deep system access on various devices to detect malware, requires frequent automatic updates to stay ahead of evolving threats. However, this time, the update backfired spectacularly.

The root cause was a flawed configuration file pushed to Falcon. This file was designed to improve detection of a new hacking method but instead triggered a logic error, crashing operating systems globally. Importantly, this wasn’t a kernel driver update as initially suspected, but a configuration file that altered the driver’s functionality. Because the component that reads the file runs in kernel mode, an error it hits while processing the file brings down the whole operating system rather than a single program, which is why the symptom was a blue screen rather than a crashed application.
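The failure class described above, a privileged component consuming pushed configuration it does not validate, can be illustrated with a small loader. The code below is an added example written for this article; it is not CrowdStrike's code and assumes nothing about the real Falcon file format. The rule-file layout (a 4-byte little-endian count followed by fixed-size records), the `struct rule` type and the sample blobs are all constructed here. The point it shows is the failsafe the closing paragraph asks for: every field is checked against the bounds of the structures it will index, and the active ruleset is only replaced after the whole file has passed, so a malformed update leaves the last-known-good configuration in place instead of taking the component down.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical rule-file layout, constructed for this example (not the real
 * Falcon channel-file format): a 4-byte count, then `count` records of
 * one length byte followed by PATTERN_MAX pattern bytes. */
#define MAX_RULES   16
#define PATTERN_MAX 8
#define RECORD_SIZE (1 + PATTERN_MAX)

struct rule {
    uint8_t pattern_len;            /* how many bytes of `pattern` are meaningful */
    uint8_t pattern[PATTERN_MAX];
};

struct ruleset {
    uint32_t    count;
    struct rule rules[MAX_RULES];
};

/* Parse `blob` into `dst`. Returns 0 on success, -1 if the file is malformed.
 * On failure `dst` is left untouched, so the caller keeps its last-known-good
 * ruleset. A loader that trusted `count` or `pattern_len` here would index
 * past rules[] or pattern[] on a bad file: exactly the kind of logic error
 * that is fatal when the code runs in the kernel. */
int load_ruleset_checked(const uint8_t *blob, size_t len, struct ruleset *dst)
{
    if (blob == NULL || dst == NULL || len < 4)
        return -1;

    /* Decode the count explicitly so the code is endian-independent. */
    uint32_t count = (uint32_t)blob[0] | ((uint32_t)blob[1] << 8) |
                     ((uint32_t)blob[2] << 16) | ((uint32_t)blob[3] << 24);
    if (count > MAX_RULES)
        return -1;                                   /* would overrun rules[] */
    if (len != 4 + (size_t)count * RECORD_SIZE)
        return -1;                                   /* declared count disagrees with payload */

    struct ruleset tmp;
    memset(&tmp, 0, sizeof tmp);
    tmp.count = count;

    const uint8_t *p = blob + 4;
    for (uint32_t i = 0; i < count; i++, p += RECORD_SIZE) {
        if (p[0] > PATTERN_MAX)
            return -1;                               /* would overrun pattern[] */
        tmp.rules[i].pattern_len = p[0];
        memcpy(tmp.rules[i].pattern, p + 1, PATTERN_MAX);
    }

    *dst = tmp;   /* commit only after every field has been validated */
    return 0;
}

/* Constructed sample inputs. */
static const uint8_t GOOD_BLOB[] = {
    2, 0, 0, 0,                           /* count = 2 */
    3, 'a', 'b', 'c', 0, 0, 0, 0, 0,      /* rule 0: 3-byte pattern */
    1, 'x', 0, 0, 0, 0, 0, 0, 0,          /* rule 1: 1-byte pattern */
};
static const uint8_t BAD_COUNT_BLOB[] = {
    5, 0, 0, 0,                           /* claims five rules ... */
    1, 'x', 0, 0, 0, 0, 0, 0, 0,          /* ... but carries only one */
};
static const uint8_t BAD_LEN_BLOB[] = {
    1, 0, 0, 0,
    200, 'x', 0, 0, 0, 0, 0, 0, 0,        /* pattern_len far beyond PATTERN_MAX */
};

/* Apply the good file, then the two malformed ones, and report how many
 * updates were rejected. Expected: 2. */
int demo_rejected_updates(void)
{
    struct ruleset active;
    memset(&active, 0, sizeof active);
    int rejected = 0;
    if (load_ruleset_checked(GOOD_BLOB, sizeof GOOD_BLOB, &active) != 0) rejected++;
    if (load_ruleset_checked(BAD_COUNT_BLOB, sizeof BAD_COUNT_BLOB, &active) != 0) rejected++;
    if (load_ruleset_checked(BAD_LEN_BLOB, sizeof BAD_LEN_BLOB, &active) != 0) rejected++;
    return rejected;
}

/* Same sequence, returning the rule count still active at the end.
 * Expected: 2, the good file's count, because bad files never replace it. */
int demo_active_rule_count(void)
{
    struct ruleset active;
    memset(&active, 0, sizeof active);
    load_ruleset_checked(GOOD_BLOB, sizeof GOOD_BLOB, &active);
    load_ruleset_checked(BAD_COUNT_BLOB, sizeof BAD_COUNT_BLOB, &active);
    load_ruleset_checked(BAD_LEN_BLOB, sizeof BAD_LEN_BLOB, &active);
    return (int)active.count;
}

int main(void)
{
    printf("rejected updates: %d\n", demo_rejected_updates());
    printf("active rules:     %d\n", demo_active_rule_count());
    return 0;
}
```

The two checks that matter are the ones tying the declared `count` to both `MAX_RULES` and the actual payload length, and `pattern_len` to `PATTERN_MAX`; each one guards an array index that a trusting loader would take on faith. Parsing into a temporary and assigning it at the end is what makes the rollback free: there is no half-applied state to clean up when a file is rejected.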

The impact was unprecedented and far-reaching. Airports saw massive queues form as major airlines temporarily grounded flights. Hospitals in several countries faced disruptions, leading to canceled appointments. Emergency services, including some 911 lines in the US, experienced problems. Even TV stations like Sky News in the UK had to halt live broadcasts.

Windows Blue Screen of Death (BSoD).

CrowdStrike CEO George Kurtz apologized for the disruption, emphasizing that the issue wasn’t due to a cyberattack. He explained that while they’ve identified and fixed the problem, recovery might take time as affected machines need manual intervention to reboot.

This incident highlights the fragility of our interconnected digital infrastructure. Ciaran Martin, former head of the UK’s National Cyber Security Centre, called it “an incredibly powerful illustration of our global digital vulnerabilities”.

The event also raises questions about software update practices, especially for security software with deep system access. Jake Williams from Hunter Strategy suggested that this incident might lead to demands for changes in how updates are pushed, noting that “CrowdStrike has just shown why pushing updates without IT intervention is unsustainable”.

As the world grapples with the aftermath, the incident serves as a stark reminder of how a single software update can have cascading effects on global infrastructure. It underscores the need for rigorous testing and failsafe mechanisms in critical software systems, especially those with widespread deployment and deep system access.
