CrowdStrike Glitch Crashes Microsoft Computers
What Happened?
On Jul 19th, 2024, a buggy software update by CrowdStrike (CRWD) caused the biggest IT outage in US history to date. This impacted airlines, banks, hospitals, 911 centers, UPS, Amazon, credit card processing, and ATM machines worldwide.
Businesses had to resort to paper and pen. It was a humbling wake-up call on just how dependent we are on technology. Here is a map of airlines nationwide on this day, before and after:
What does CrowdStrike Do?
CrowdStrike is a good company. The cybersecurity firm provides security software for local and cloud-based applications to more than 50% of Fortune 500 companies, including 8 of the top 10 financial institutions. In this case, the content update was tied to the CrowdStrike Falcon monitoring software.
How is Microsoft Involved?
The Fortune 500 companies that are affected are hosted on Microsoft Windows operating systems. CRWD provided an update to THEIR software for those running on Microsoft Windows by way of a Windows update. That update by CRWD crashed some Microsoft Windows computers with the infamous BSOD (blue screen of death).
Was This a Hack Attempt?
According to CRWD, this was not a cyberattack but rather a mistake or defect in the programming code in the update that they released. They identified the issue right away, isolated the situation and have already provided a fix for it. The CEO provided a public apology to its customers and assured them that a fix is being deployed.
Who was Affected?
Since more than 50% of large corporations are hosted in the cloud and secured by CRWD software, many companies were impacted across the globe. The impact includes, but is not limited to, 911 operation centers, hospitals, airlines grounded worldwide, delayed deliveries, access to ATM machines, banks and more.
How Does it Affect You?
As an end user, you may not be affected at all. However, since most of us now use Microsoft Office 365, which is hosted on one of the larger companies, it is possible.
If you have any software on your local computer that utilizes CrowdStrike, you could be at risk. To confirm, navigate to this location and see if you have a CrowdStrike folder: C:\Windows\System32\drivers\CrowdStrike . If you do NOT see that folder, then you are not using CrowdStrike locally and you should be good.
Expect Some Delays
You can expect some level of delay in UPS, Amazon, and FedEx shipments, credit card payments, etc. But relax, it is only temporary and should be resolved in the next couple of days. You may see a message like this one on Amazon today:
What Can You Do Now?
- Disable or at least pause MS Automatic Windows updates; see ‘Workaround’ below for details.
- Make sure you have a solid backup solution and it is working.
- Double check your Online Security (browser, passwords, etc.); see this page for details.
- Contact your bank to see if they were impacted and if any services are delayed or disrupted.
- If you are a credit card merchant, you may wish to contact your processing company.
- Run a FULL scan with your Antivirus/malware program to give you peace of mind.
How Can One Company Have SO Much Control?
Although CRWD is a great company, they may have too much of a monopoly on the security software industry.
I am surprised that ONE company can have so much control over our vital infrastructure. Imagine the chaos if this situation was caused by a real cyberattack and took down our power grid, that would be unthinkable.
Single Point of Failure – A term used by the IT industry when one error causes a domino effect, taking down industries, communications, etc. in broad, sweeping outages. Obviously not a good idea.
This puts the US in a technically vulnerable position. Perhaps it is time to spread the cybersecurity responsibility across multiple companies for more redundancy and reduced risk? Businesses would be wise to implement a ‘manual’ redundancy plan to keep operations working in the event of an IT failure. Yes, that means pen and paper.
About Automatic Windows Updates
NTI has always been an advocate of allowing the end user to decide when Windows updates are installed and applied. However, since Windows 10/11 Microsoft has essentially disabled that function. Automatic Windows Updates are turned ON by default.
This global outage is a good example of what can happen when a single Windows update is applied too soon, or all at once. CrowdStrike has a massive customer base. It would have been better to roll out this update in stages rather than all at once as they did. This way, the problem could have been isolated sooner, preventing such a catastrophic IT outage.
It is important to note that the newest updates and drivers are NOT always the best. NTI has a conservative approach to this and we do NOT recommend jumping on the latest updates (particularly video drivers) as soon as they are released. Let the dust settle to the point where the update can stabilize; this is always a good practice.
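To make the staged-rollout argument concrete, here is an added example (not CrowdStrike's or Microsoft's code) that pushes an update to a fleet ring by ring and halts when a ring's crash rate is too high. The ring names, ring sizes, the 2% halt threshold and the host names are all assumptions chosen for illustration.

```python
import hashlib

# Hypothetical ring plan: cumulative percent of the fleet reached at each stage.
RINGS = [("canary", 1), ("early", 10), ("broad", 50), ("everyone", 100)]
MAX_CRASH_RATE = 0.02  # assumed halt threshold; a real fleet would tune this


def bucket(host_id):
    """Map a host name to a stable position in [0, 1) so ring membership is repeatable."""
    digest = hashlib.sha256(host_id.encode()).digest()
    return int.from_bytes(digest[:8], "big") / 2**64


def staged_rollout(hosts, install, rings=RINGS, max_crash_rate=MAX_CRASH_RATE):
    """Push an update ring by ring and stop once a ring's crash rate is too high.

    install(host) returns True if the host stayed healthy after the update.
    Returns (name of the ring that triggered the halt or None, updated, crashed).
    """
    ordered = sorted(hosts, key=bucket)
    updated, crashed, start = [], [], 0
    for name, percent in rings:
        end = min(len(ordered), max(start + 1, len(ordered) * percent // 100))
        batch = ordered[start:end]
        if not batch:
            continue
        failures = [h for h in batch if not install(h)]
        updated.extend(batch)
        crashed.extend(failures)
        if len(failures) / len(batch) > max_crash_rate:
            return name, updated, crashed  # halt: later rings never get the update
        start = end
    return None, updated, crashed


if __name__ == "__main__":
    fleet = [f"host-{i:05d}" for i in range(10_000)]  # constructed sample fleet

    def defective(host):  # models an update that crashes every machine it reaches
        return False

    for label, plan in (("all at once", [("everyone", 100)]), ("staged", RINGS)):
        halted, updated, crashed = staged_rollout(fleet, defective, rings=plan)
        print(f"{label}: halted at {halted!r}, {len(crashed)} of {len(fleet)} crashed")
```

With the same defective update, the single-ring plan reaches every machine before anyone can react, while the staged plan stops after the first ring.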
Remember, when in doubt….’do nothing’.
Workaround: For Windows 10/11 users, if you are a little technical, you can apply these actions to disable or pause Windows updates.