Global IT Outage Caused by CrowdStrike Update Disrupts Banks, Airlines, and Media

On July 18, 2024, a faulty software update from the cybersecurity firm CrowdStrike caused a major global IT outage. This problem affected banks, airlines, healthcare services, and media companies. The update caused CrowdStrike's Falcon Sensor software to crash thousands of Windows computers, making them show the Blue Screen of Death (BSOD) and forcing them into a recovery boot loop.

About CrowdStrike

CrowdStrike, founded in 2011 and based in Austin, Texas, is a leading cybersecurity company. It provides cloud-based security solutions and protects over 538 of the Fortune 1000 companies. Before the outage, CrowdStrike was valued at about $83 billion. The company has also investigated major cyberattacks like the 2016 Democratic National Committee (DNC) hack and the 2014 Sony Pictures cyberattack.


The Fallout

The faulty update caused problems worldwide. Australian banks, airlines, and TV broadcasters were among the first to report issues. The problem then spread to Europe and the United States. Some notable incidents included:

  • Sky News: The UK broadcaster couldn't air morning news for hours, showing an apology message instead.
  • Ryanair: One of Europe’s biggest airlines faced IT issues that affected flight departures.
  • FAA: The Federal Aviation Administration helped airlines like Delta, United, and American Airlines with ground stops because of communication problems.
  • Berlin Airport: Warned travelers about delays due to technical issues.
  • 911 Call Centers: Call centers in Alaska were also affected, raising serious concerns.

Despite affecting less than one percent of all Windows machines, the outage had a huge impact because many critical services use CrowdStrike’s software.


Microsoft’s Involvement

Though the issue was not caused by Microsoft, its systems were affected. David Weston, Vice President of Enterprise and OS Security at Microsoft, explained how they responded:

1. Working with CrowdStrike: Microsoft helped CrowdStrike create a solution and shared workaround instructions on the Windows Message Center.

2. Deploying Resources: Hundreds of Microsoft engineers worked to help customers restore services.

3. Collaborating with Other Cloud Providers: Microsoft coordinated with Google Cloud Platform (GCP) and Amazon Web Services (AWS) to share information and develop responses.

4. Providing Updates and Support: The Azure Status Dashboard and other channels offered continuous updates and support.


The Technical Challenge

The problem was caused by an update to a driver in CrowdStrike's Falcon software. This update, meant to improve security, instead caused Windows systems to crash. Fixing the problem required IT admins to boot affected machines into safe mode, go to the CrowdStrike directory, and delete a specific system file. This process was especially difficult for cloud-based servers and remote Windows laptops.


CrowdStrike's Response

CrowdStrike’s CEO, George Kurtz, apologized and clarified that the issue was not a cyberattack but a software defect. The company identified the problem, isolated it, and deployed a fix. However, recovering from the problem is still complex and time-consuming.


Conclusion

The CrowdStrike outage shows how interconnected modern IT systems are and the importance of having strong deployment and disaster recovery practices. While such incidents are rare, they highlight the need for constant vigilance and cooperation in the tech industry to reduce the impact of such problems. As affected systems are restored, the focus will be on learning from this event to prevent similar issues in the future.

CrowdStrike, along with Microsoft and other industry partners, is working hard to support affected customers and restore normal operations. The lessons from this incident will help shape future cybersecurity and IT infrastructure management strategies.
