
The CrowdStrike Microsoft IT Outage

The CrowdStrike outage on Friday, July 19th, left many Windows users worldwide unable to access their machines, with knock-on effects on services ranging from healthcare to aviation to entire TV channels taken off-air.

Instead of a functioning computer, users were faced with the blue screen of death, or BSOD, a familiar sight to victims of cyber security attacks over the years.

While the incident has been widely reported as a Microsoft IT outage, it was specifically caused by a content configuration update published by CrowdStrike for their Falcon platform, which ironically is intended to protect businesses against malware and cyber attacks.

Due to a fault in the update that was not caught before release, Falcon itself triggered the biggest cyber security outage 2024 has seen so far – so what exactly happened, and what can businesses do to mitigate similar risks in the future?

What is CrowdStrike?

CrowdStrike is a provider of cloud-native cyber security solutions including the AI-driven CrowdStrike Falcon platform.

The company dates back to February 2012 and launched its first threat intelligence module in July of that year. CrowdStrike Falcon was introduced in November 2016 as a replacement for the brand’s legacy antivirus software.

Despite the recent incident, 2024 has otherwise been a landmark year for CrowdStrike, with the company receiving multiple accolades:

  • Named a Gartner Magic Quadrant Leader for Endpoint Protection Platforms
  • Named a Forrester Wave Leader for Cloud Workload Security
  • Uniquely named Overall Customers’ Choice in Gartner’s 2024 Peer Insights Voice of the Customer for Vulnerability Assessment Report
  • Named a Founding Member of the NIST AI Safety Institute Consortium


Unfortunately, a faulty software update triggered the global Microsoft outage, which is likely to be how CrowdStrike’s 2024 is remembered in years to come.

Who exactly did the CrowdStrike outage affect?

The incident was on a massive scale. CrowdStrike’s customer base includes:

  • 8 of the 10 biggest financial services firms
  • 8 of the 10 biggest technology businesses
  • 8 of the 10 biggest food and beverage brands
  • 8 of the 10 biggest automotive companies
  • 7 of the 10 biggest global manufacturers
  • 6 of the top 10 healthcare providers
  • 298 Fortune 500 companies
  • 538 Fortune 1,000 companies


Microsoft estimated that 8.5 million Windows systems worldwide were affected – less than 1% of all machines, but still a significant number.

Is Microsoft still down?

Although it was triggered by a faulty third-party security update, the CrowdStrike outage affected only Windows machines. As such, Microsoft responded as if the issue were a Microsoft IT outage, deploying hundreds of engineers to work around the clock on a solution.

This included collaborating with major stakeholders like AWS (Amazon Web Services) and GCP (Google Cloud Platform), as well as posting how-to guides and automated scripts for remediation of affected machines.

CrowdStrike also acted quickly to revert the problematic update, so Windows machines receiving the corrected content should see no further ill effects; machines that had already crashed still needed the remediation steps described above.

Where and when did the outage happen?

So, how did the biggest cyber security outage of 2024 begin? The incident can be traced back to 04:09 UTC on July 19th, when CrowdStrike released a Falcon sensor configuration update for Windows systems.

It’s now known that a bug in CrowdStrike’s Content Validator meant that the July 19th update passed validation despite containing “problematic content data”. When the Falcon sensor loaded that content, it performed an out-of-bounds memory read, which in kernel mode triggers the BSOD.

The relevant update was remediated by 05:27 UTC, just 78 minutes after it was issued, but the damage had already been done.
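The root cause described above is a content file that passed a validator and then drove a consumer into reading past the end of its buffer. The following C program is an added illustration of the defensive pattern that prevents that failure mode; it is not CrowdStrike code and does not use Falcon’s real channel-file format. The record layout, the constant names and the two sample records are constructed for this example. The validator checks every length the header declares against the bytes actually present, and the consumer re-runs that check itself rather than assuming the validator ran, so a truncated record is rejected instead of being read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed record layout for this example (NOT CrowdStrike's format):
 *   bytes 0..1 : little-endian entry count N
 *   bytes 2..  : N entries of ENTRY_SIZE bytes, each a little-endian uint32 */
#define HEADER_SIZE 2u
#define ENTRY_SIZE  4u
#define MAX_ENTRIES 1024u   /* hypothetical cap; keeps count * ENTRY_SIZE small */

enum parse_result {
    PARSE_OK = 0,
    PARSE_SHORT_HEADER,   /* fewer bytes than the fixed header */
    PARSE_BAD_COUNT,      /* zero or implausibly large entry count */
    PARSE_TRUNCATED       /* header promises more entries than the buffer holds */
};

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validator: every size the header declares is checked against the bytes
 * actually present before any entry is touched. The count is capped before
 * it is multiplied, so the size arithmetic cannot overflow. */
enum parse_result validate_record(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < HEADER_SIZE)
        return PARSE_SHORT_HEADER;
    uint32_t count = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8);
    if (count == 0 || count > MAX_ENTRIES)
        return PARSE_BAD_COUNT;
    if (len - HEADER_SIZE < (size_t)count * ENTRY_SIZE)
        return PARSE_TRUNCATED;
    return PARSE_OK;
}

/* Consumer: re-checks bounds itself (defence in depth) instead of trusting
 * that an upstream validator ran. Sums the entries into *out and returns
 * PARSE_OK, or returns the reason it refused without touching *out. */
enum parse_result sum_entries(const uint8_t *buf, size_t len, uint32_t *out)
{
    enum parse_result r = validate_record(buf, len);
    if (r != PARSE_OK)
        return r;
    uint32_t count = (uint32_t)buf[0] | ((uint32_t)buf[1] << 8);
    uint32_t total = 0;
    for (uint32_t i = 0; i < count; i++) {
        size_t off = HEADER_SIZE + (size_t)i * ENTRY_SIZE;
        /* off + ENTRY_SIZE <= len is guaranteed by validate_record above */
        total += read_le32(buf + off);
    }
    *out = total;
    return PARSE_OK;
}

/* Constructed sample inputs. */
static const uint8_t GOOD_RECORD[] = {
    0x02, 0x00,             /* 2 entries */
    0x0A, 0x00, 0x00, 0x00, /* 10 */
    0x14, 0x00, 0x00, 0x00  /* 20 */
};
static const uint8_t TRUNCATED_RECORD[] = {
    0x05, 0x00,             /* claims 5 entries ... */
    0x0A, 0x00, 0x00, 0x00  /* ... but only one is present */
};

int main(void)
{
    uint32_t total = 0;
    enum parse_result r = sum_entries(GOOD_RECORD, sizeof GOOD_RECORD, &total);
    printf("good record: result=%d total=%u\n", (int)r, total);
    r = sum_entries(TRUNCATED_RECORD, sizeof TRUNCATED_RECORD, &total);
    printf("truncated record: result=%d (rejected, nothing read past the end)\n", (int)r);
    return 0;
}
```

The point of the second check inside `sum_entries` is that a validator bug of the kind described above then becomes a rejected file rather than a crash: the consumer never relies on a promise the validator made.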

Was Microsoft hacked?

Although this incident was widely reported as a Microsoft IT outage, it was not caused by a cyber attack and was not directly caused by any problems or errors in Microsoft software.

Crucially, it was not triggered by third-party malware and was not a ransomware attack – it was a software bug that prevented affected machines from booting Windows successfully.

Ironically, CrowdStrike’s mitigation measures included adding the faulty update file to Falcon’s own “known-bad list” to prevent it from being executed again.

What about cyber security?

This incident highlights the importance of cyber security you can trust, combined with disaster recovery preparedness for all manner of digital business interruptions.

Venom IT’s best-practice cyber security solutions use a SECaaS (Security as a Service) model to give you the benefit of cloud-based outsourced cybersecurity protection with fluid scalability and military-grade defence.

We offer comprehensive cyber security risk assessments to highlight any potential weaknesses or causes for concern in your existing hardware, software and working practices, to close vulnerabilities that cyber terrorists and hackers might exploit.

And with our hosted DRaaS (Disaster Recovery as a Service) solutions, if your data is ever compromised for any reason, we can get you back on track using a full daily backup and/or an hourly snapshot of your entire server.

To find out more – and to protect your IT ecosystem against the dreaded BSOD – contact our team of IT experts today.