
IT: Microsoft outage causes havoc worldwide for 12 hours


Virendra Pandit

New Delhi: A software update caused one of the world’s biggest information technology blackouts on Friday, severely affecting industries ranging from banks and stock markets to airlines for about 12 hours.

A Microsoft operating system outage hit IT systems globally at 6 pm EST on July 18. Several hospitals, police stations, airlines, and media houses were left crippled. This is how the “Blue Screen of Death” wreaked havoc in the US for 12 hours, according to media reports.

All this began with a Texas-based cybersecurity firm, CrowdStrike, experiencing a major disruption following a software update-related issue. This caused Microsoft’s Windows to crash because of a fault in the way CrowdStrike’s software update interacted with Windows.

Banks and healthcare providers saw their services disrupted and TV broadcasters went offline as businesses worldwide grappled with the ongoing outage. Air travel was also hit hard, with aircraft grounded and services delayed.

CrowdStrike is a cybersecurity vendor that develops software to help companies detect and block hacks. It is used by many of the world’s Fortune 500 companies, including major global banks, and healthcare and energy companies. It’s an “endpoint security” firm as it uses cloud technology to apply cyber protections to devices that are connected to the Internet.

On Friday, users worldwide encountered an error screen known as the “blue screen of death.”

This issue, a common problem among PCs (for example, if a machine overheats), was the result of an update from the cybersecurity firm concerning its Falcon product.

Falcon is a platform developed by the company that’s designed to stop cyber breaches using cloud technology; it is at the heart of the firm’s focus on endpoints. CrowdStrike said Friday it is in the process of rolling back the update globally.

CrowdStrike’s software requires deep access to a computer’s operating system to scan for threats. In the case of Friday’s outage, machines running Microsoft’s Windows operating system crashed due to a fault in the way a software update issued by CrowdStrike interacted with Windows.

“We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD [blue screen of death]) and get stuck in a restarting state. We approximate impact started around 19:00 UTC on the 18th of July,” Microsoft said in an update at 5:40 a.m. ET.

“We can confirm the affected update has been pulled by CrowdStrike. Customers that are continuing to experience issues should reach out to CrowdStrike for additional assistance,” the company added.

Earlier, Microsoft said its cloud services had been restored after an outage that affected its Azure services and Microsoft 365 suite of apps in the central US region. A company spokesperson said these are two different and non-related issues — one issue relates to Azure, and the other is linked to CrowdStrike.

CrowdStrike is “actively working with customers impacted by a defect found in a single content update for Windows hosts,” CEO George Kurtz said Friday in an update on social media platform X. He added that Mac and Linux hosts are not affected.

“This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed,” Kurtz said.

That fix could be hard to implement, though. Andy Grayland, chief information and security officer at threat intelligence firm Silobreaker, said that to implement a fix, engineers would have to go into each data center running Windows.

They’d then have to log in, navigate to a certain CrowdStrike file, delete it, and then reboot the entire system, he said.

“Where machines are encrypted, complex encryption keys also need to be entered manually. Unless Microsoft and CrowdStrike (if they are involved) pull something miraculous out of the bag, this could be painful to recover from.”