Experts are warning that the widespread IT outages caused by a faulty CrowdStrike update will require a lengthy remediation period as disruption continues to wreak havoc globally.
On the morning of 19 July, organizations in Australia and India began warning they were experiencing significant outages with their Windows machines.
This snowballed into global disruption as the rest of the world woke up to start their work day, with banks, airlines, broadcasters, and more all being confronted with the dreaded Windows blue screen of death (BSOD).
CrowdStrike has since confirmed it is the source of the issue, with CEO George Kurtz revealing via X that the incident was caused by a "defect found in a single content update for Windows hosts".
Maxine Holt, senior director of cybersecurity at research firm Omdia, outlined the scale of the issue, which some are calling the largest IT outage of all time.
“The global IT outage crisis is escalating, and organizations everywhere are in full scramble mode, desperately implementing workarounds to keep their businesses afloat,” she stated.
“CrowdStrike admits to a ‘defect found in a single content update for Windows hosts’ and is working feverishly with affected customers,” Holt added.
Adam Leon Smith, BCS Fellow and cybersecurity expert, said the incident underscores the difficult balancing act software vendors must make between releasing updates in a timely manner, while ensuring they don’t end up breaking the systems they are intended to protect.
“People want to get security updates rolled out as quickly as possible because that helps prevent against what we call 'zero-day' attacks; that is new ways that actors are found to compromise systems,” he explained.
“There's a trade-off here between the speed of ensuring that systems get protected against new threats and the due diligence done to protect the system's resilience and stop things like this incident from happening."
Workarounds for IT outage will be a “nightmare” for customers
In a statement acknowledging the incident, CrowdStrike reassured users its team is fully mobilized to ensure security and stability of customers, providing a series of workarounds for individual hosts and public cloud systems.
Leon Smith added that although fixes have started to trickle out since the disruption began, because it is forcing so many machines into boot loops or the BSOD, it could be some time before the majority of systems are back online.
"In some cases, the fix may be applied very quickly, but because it has to be applied to so many computers around the world, that may take longer than it sounds,” he said.
“But if computers have reacted in a way that means they're getting into blue screens and endless loops it may be difficult to restore, and that could take days and weeks.”
RELATED WEBINAR
Holt echoed Leon Smith’s concerns, confessing the workaround will be difficult to implement for many customers.
“The workaround, involving booting into safe mode, is a nightmare for cloud customers. Cloud-dependent businesses are facing severe disruptions.”
But Smith did note things could have been much worse, pointing out that a similar issue affecting Linux would have caused far more significant issues by virtue of its use in more critical systems and services.
"We have to realize this could have been a lot worse. Microsoft Windows isn't the main operating system used for mission-critical systems. It's Linux.”
Steve Sands, chair of the BCS Information Security Specialist Group said businesses should focus on getting the systems back online instead of trying to understand how the outage happened.
He further emphasized that the incident should stand as a reminder of how important software resilience is.
“I sincerely hope that today’s CrowdStrike issues raise awareness and create some much-needed urgency to continue this vital conversation… My advice would be to focus on restoring your own IT systems (following the advice of the vendors) and leave the providers and the industry to work on understanding how this happened and learning the lessons.”
-
Anthropic CEO Dario Amodei's prediction about AI in software development is nowhere nearly to becoming a realityNews In March, Anthropic CEO Dario Amodei claimed up to 90% of code would be written by AI within six months – his prediction hasn't quite come to fruition.
-
Veracode bolsters leadership team for next growth chapterNews The application security vendor has named Anthony Barkley as chief strategy officer and Diana Bushard as general counsel
-
UK government programmers trialed AI coding assistants from Microsoft, GitHub, and Google – here's what they foundNews Developers participating in a trial of AI coding tools from Google, Microsoft, and GitHub reported big time savings, with 58% saying they now couldn't work without them.
-
Salesforce says ‘Microsoft’s anticompetitive tying of Teams' harmed business in triumphant response to EU concessions agreementNews Microsoft has agreed to make versions of its Office solutions suite available without Teams – and at a reduced price
-
US Senator calls for Microsoft FTC probe over ‘gross cybersecurity negligence’ – Ron Wyden claims the tech giant has provided ‘dangerous, insecure software’ to the US governmentNews Ron Wyden, a Democratic senator from Oregon, has written to the chair of the FTC calling for an investigation into Microsoft's cyber practices.
-
Microsoft touts new Copilot features in Excel, but says you shouldn’t use them if you want accurate resultsNews Microsoft has warned against using new AI features in Excel for “tasks with legal, regulatory, or compliance implications” – so when can you use it?
-
A senior Microsoft exec says future Windows versions will offer more interactive, ‘multimodal’ experiencesNews With speculation over a Windows 12 reveal mounting, a senior company figure claims the new operating system will mark a step change for users
-
Microsoft says AI is finally having a 'meaningful impact' on developer productivity – and 80% 'would be sad if they could no longer use it'News Researchers at Microsoft wanted to demystify how AI is being used by software developers – their findings show the benefits are finally becoming clear.
-
Microsoft’s botched August updates wiped SSDs, now it’s breaking PC resets and recoveries on WindowsNews An out-of-band patch has been issued by Microsoft to fix a flaw introduced by its August update
-
A Windows 11 update bug is breaking SSDs – here’s what you can do to prevent itNews Users first began reporting the Windows 11 update bug last week
