The Wednesday Bit on Monday – CrowdStrike Global IT Outage

If you have avoided the papers, online news, social media, mainstream news and TV, and did not have to fly, you may have missed that CrowdStrike, Microsoft and world IT had a bad day last Friday. I did not write about the incident then as I wanted the 24hr news cycle hype to subside and I wanted to see what the hi-tech press and the vendors themselves had to say about the event. (Ilascu, 2024)

What happened?

CrowdStrike, a company that specialises in cyber security solutions for global corporate customers, issued an automated update to one of its key components. Unfortunately, the update included an error that had been missed during the upgrade's testing phase. Once it was deployed to Windows endpoints, this flawed patch caused those machines to crash. This was the “Blue Screen of Death” that the mainstream media referred to so often.

The issue for users then became more difficult, as a simple reboot did not sort the problem and the offending update had to be removed in “safe mode”, with a number of reboots required. This is a process the average user may find difficult, requiring IT experts to get involved. However, as the machines would not start, these experts could not log in remotely; they had to visit the broken PCs or talk less IT-able people through the process.

It was not Microsoft!

Although the fault impacted Microsoft Windows in a dramatic and public way, it was not the fault of Microsoft. It was the CrowdStrike software failing to work correctly following their update. It would be interesting to find out how much contact a global player like CrowdStrike has with Microsoft during any software update development program.

Swap to Macs?

I got a call from one of Octagon’s IT clients about this issue – they were concerned about their business if their Windows machines went down and wanted to know whether they should switch to Macs.

There are a couple of points here. Octagon does not supply CrowdStrike solutions to their clients – no software, no updates, no problems.

Switching to Macs would have protected them from a non-existent problem, and the Mac and Linux versions of the broken software still worked. But of course, next time it could be the Mac software that is faulty.

You need a better incident response plan than that. Off the top of my head, if a Windows PC is that critical to your operations then a spare that is kept “one step behind on updates” could be a solution.


Updates? Who needs them?

I am always advocating keeping systems up-to-date with security patches and updates – as does every other cyber security expert. It is unpatched flaws in systems that are open doors for threat actors into your systems. But of course the 8.5+ million Microsoft Windows machines brought down by this issue were only compromised because of an update issued by a reputable international company for a well-respected piece of software.

I have no answer to this except:

  • You need an incident response plan.
  • Do not skip updates and patches.

What CrowdStrike says:

Here is a link to CrowdStrike’s incident statement, remediation and a message from their CEO.

Falcon Content Update Remediation and Guidance Hub | CrowdStrike

Next

The cyber security consequences of the CrowdStrike problem.

Clive Catton MSc (Cyber Security) – by-line and other articles

References

Ilascu, I. (2024, July 19). CrowdStrike update crashes Windows systems, causes outages worldwide. BleepingComputer. https://www.bleepingcomputer.com/news/security/crowdstrike-update-crashes-windows-systems-causes-outages-worldwide/
