Key points:
- CrowdStrike’s faulty software update affected approximately 8.5 million Windows devices globally.
- The outage impacted critical services including airports, banks, and hospitals.
- Microsoft released a USB tool to help IT administrators repair affected Windows systems.
- Chinese cybersecurity firms used the incident to promote their own products.
- Experts suggest the update likely skipped necessary quality checks before deployment.
On July 19, 2024, a routine software update from cybersecurity company CrowdStrike caused widespread disruption to computer systems around the world. The update, which was meant to improve security, instead resulted in one of the largest tech outages in recent years.
According to Microsoft, about 8.5 million Windows devices were affected by the faulty update. While this represents less than one percent of all Windows machines, the impact was significant due to CrowdStrike’s popularity among businesses that run critical services.
The problem began when CrowdStrike pushed a sensor configuration update at 04:09 UTC on July 19. This update contained a logic error that caused Windows systems to crash, displaying the infamous “blue screen of death.” The outage affected a wide range of organizations, including airports, banks, and hospitals.
In response to the crisis, Microsoft deployed hundreds of engineers to work directly with customers to restore services. On July 21, the company released a USB tool to help IT administrators repair affected Windows clients and servers. To use this tool, users need a 64-bit Windows client with at least 8GB of free space and administrative privileges.
CrowdStrike also provided a technical alert with information about the issue and steps organizations could take to fix the problem. However, experts noted that getting systems back online would take time, as it required manually removing the flawed code.
Security experts suggested that the update likely skipped necessary quality checks before being deployed. Steve Cobb, chief security officer at SecurityScorecard, speculated that the vetting or sandboxing process may have missed the problematic file. Patrick Wardle, a security researcher, identified that the issue was in a file containing configuration information or signatures used to detect malware.
The global impact of this outage highlights CrowdStrike’s significant market presence. The company’s software is used by over half of Fortune 500 companies and many government bodies, including the U.S. Cybersecurity and Infrastructure Security Agency.
In China, where the impact was limited to foreign businesses and luxury hotels, local cybersecurity firms saw an opportunity.
Companies like 360 Security Technology and QAX used the incident to promote their own products, emphasizing reliability and the importance of thorough evaluation when selecting security software.
This event adds to Beijing’s reasons for seeking technological self-reliance, especially in the face of mounting export restrictions and sanctions from Washington. China’s cybersecurity market is already dominated by local players, with the government having phased out software from foreign companies like Kaspersky Lab and Symantec over the past decade.
The incident also had financial repercussions. CrowdStrike’s shares fell 11.1% on the Nasdaq on July 21, while some of its competitors, such as SentinelOne and Palo Alto Networks, saw their stock prices rise.
As of July 22, many affected organizations were still dealing with the fallout. Hong Kong International Airport, whose passenger check-in system had collapsed, announced that operations had returned to normal on July 22.
As the dust settles, both CrowdStrike and its clients will likely be reviewing their processes to prevent similar incidents in the future. The tech industry as a whole may also take this as a lesson in the importance of careful deployment and disaster recovery planning.