The biggest global cyber outage to date occurred on July 19, 2024, when a routine software update from cybersecurity firm CrowdStrike crashed customers' Windows systems, disabling more than 8.5 million Windows devices worldwide. Bank customers couldn't access their funds, travelers were stranded at airports, and patients faced long waits in hospitals. Losses to major enterprises from the outage are estimated at $5.4 billion.
The Cybersecurity and Infrastructure Security Agency (CISA) announced in an initial alert, “We are aware of the widespread outage affecting Microsoft Windows hosts due to an issue with a recent CrowdStrike update and are working closely with CrowdStrike and federal, state, local, tribal, and territorial (SLTT) partners, as well as critical infrastructure and international partners, to assess impacts and support remediation efforts.”
The update was intended to support the company's core cybersecurity mission by detecting emerging threats and gathering data on possible novel threat techniques. However, a defect in the update triggered a critical fault on affected systems, which crashed and displayed the infamous Windows "Blue Screen of Death."
More recently, on July 30, Microsoft announced that it was investigating widespread outages affecting Office applications and services. Microsoft acknowledged access issues and degraded performance across multiple Microsoft 365 services and posted updates under incident MO842351 in the admin center. The outages affected users globally, including retailers such as Starbucks. A Starbucks spokesperson confirmed that customers briefly lost access to the app's mobile order and pay feature, but the issue was resolved by the afternoon.
CrowdStrike is now facing a lawsuit from its shareholders, who allege that the company made "false and misleading" statements about its software testing protocols. The lawsuit, filed in federal court in Austin, Texas, claims that CrowdStrike executives misled investors into believing that the company's software updates were adequately tested. The plaintiffs seek unspecified compensation for investors who owned CrowdStrike shares between November 29 and July 29. CrowdStrike has denied the allegations and vowed to defend itself against the proposed class action. The company explained that the incident was caused by a "bug" in the system meant to check that software updates function correctly: the flaw allowed "problematic content data" in a file to go undetected. CrowdStrike says it is now committed to preventing such incidents through improved software testing and more rigorous checks, including closer scrutiny by developers.
Microsoft recently provided more details on the ripple effect of the CrowdStrike outage. David Weston, VP of enterprise and OS security, emphasized the need to reduce cybersecurity vendors' reliance on kernel drivers. Weston explained that Microsoft assessed the impact of the outage using crash reports voluntarily shared by customers. Since not all customers share these reports, the data represents only a subset of the affected devices.
Kernel drivers like those CrowdStrike uses can improve performance and resist tampering, but they carry significant risk because they run with the kernel's own privileges: a fault in such a driver can bring down the entire system rather than a single process. Weston further explained that security vendors must balance the benefits of kernel drivers against their potential risks. He believes that organizations can maintain robust security while minimizing kernel usage and reducing their exposure to vulnerabilities.
As the dust settles, it is clear that the CrowdStrike incident will serve as a case study for years to come, prompting companies across all sectors to fortify their defenses and rethink how they manage software updates. Businesses should start taking precautions now to harden their supply chains against such disruptions, keeping operations running and avoiding costly bottlenecks.