How a software update from cyber firm CrowdStrike caused one of the world’s biggest IT blackouts (2024)


A fault with an update issued by cybersecurity company CrowdStrike led to a cascade effect among global IT systems Friday, with industries ranging from banking to airlines facing outages.

Banks and health-care providers saw their services disrupted and TV broadcasters went offline as businesses worldwide grappled with the ongoing outage. Air travel has been hit hard, too, with planes grounded and services delayed.

At the heart of the issue is Texas-based cybersecurity vendor CrowdStrike. On Friday, the cybersecurity firm experienced a major disruption following an issue with a software update.

So what happened, exactly? CNBC takes a look.

What is CrowdStrike and what does it do?

CrowdStrike is a cybersecurity vendor that develops software to help companies detect and block hacks. It is used by many of the world's Fortune 500 companies, including major global banks, health-care and energy companies.

CrowdStrike is what's known as an "endpoint security" firm as it uses cloud technology to apply cyber protections to devices that are connected to the internet.

This differs from alternative approaches used by other cyber firms, which involve applying protection directly to back-end server systems.

"Many companies use [CrowdStrike software] and install it on all of their machines across their organization," Nick France, chief technology officer at IT security firm Sectigo, told CNBC's "Squawk Box Europe" on Friday.

"So when an update happens that maybe has problems with it, it causes this problem where the machines reboot, and people can't get back into their computers."

What happened on Friday?

On Friday, people around the world began encountering an error screen known as the "blue screen of death."

This issue — a common problem among PCs, for example if a machine overheats — was the result of an update from CrowdStrike concerning its Falcon product.

Falcon is a platform developed by the company that's designed to stop cyber breaches using cloud technology — it is at the heart of the firm's focus on endpoints. CrowdStrike said Friday it is in the process of rolling back the update globally.

CrowdStrike's software requires deep access to a computer's operating system to scan for threats. In the case of Friday's outage, machines running Microsoft's Windows operating system crashed due to a fault in the way a software update issued by CrowdStrike interacted with Windows.

"We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD [blue screen of death]) and get stuck in a restarting state. We approximate impact started around 19:00 UTC on the 18th of July," Microsoft said in an update at 5:40 a.m. ET.

"We can confirm the affected update has been pulled by CrowdStrike. Customers that are continuing to experience issues should reach out to CrowdStrike for additional assistance," the company added.

Satnam Narang, senior staff researcher at Tenable, told CNBC on Friday that the outage was "very unprecedented."

"The challenge here is that security software — because it's doing its job to protect organizations — it has to have more privileged access to these machines," he said.

So, while people may be seeing their IT issues as a problem with Windows, "it's not actually a Windows issue, it's related to a faulty or bad update from those security software," Narang added.

A fix has been issued

Earlier, Microsoft said its cloud services had been restored after an outage that affected its Azure services and Microsoft 365 suite of apps in the central U.S. region. A company spokesperson said these are two different and nonrelated issues — one issue relates to Azure, the other is linked to CrowdStrike.


They added that they "anticipate a resolution is forthcoming," with respect to the CrowdStrike problem.

CrowdStrike is "actively working with customers impacted by a defect found in a single content update for Windows hosts," CEO George Kurtz said Friday in an update on social media platform X. He added that Mac and Linux hosts are not affected.

"This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed," Kurtz said.

That fix could be hard to implement, though. Andy Grayland, chief information and security officer at threat intelligence firm Silobreaker, said that in order to implement a fix, engineers would have to go into each individual data center running Windows.

They'd then have to log in, navigate to a certain CrowdStrike file, delete it and then reboot the entire system, he said.

"Where machines are encrypted, complex encryption keys also need to be entered manually. Unless Microsoft and CrowdStrike (if they are involved) pull something miraculous out of the bag, this could be painful to recover from."


FAQs

How did a software update from cyber firm CrowdStrike cause one of the world's biggest IT blackouts?

The issue stemmed from a problem in CrowdStrike's Falcon product, causing devices running Windows operating systems to crash with the "blue screen of death." The company is currently working to roll back the problematic update. Microsoft clarified that its prior cloud service outage was unrelated.

What caused the CrowdStrike outage?

CrowdStrike has released its root cause analysis of the faulty software update that led to a global outage in July. It found that one undetected sensor written into an update for its Falcon software caused the system crash.

What is the CrowdStrike issue?

CrowdStrike's software doesn't just run on Microsoft Windows; it also runs on Apple's macOS and Linux. But the July outage only affected Microsoft Windows. The root cause of the outage was a faulty sensor configuration update that specifically affected Windows systems.

How did one bad CrowdStrike update cause the outage?

The widespread Windows outages have been linked to a software update from cybersecurity giant CrowdStrike. Cybersecurity officials say the issues are believed not to be linked to a malicious cyberattack, but rather to stem from a misconfigured or corrupted update that CrowdStrike pushed out to its customers.

What company caused the IT outage?

A massive outage was caused by what was supposed to be a routine update from the cybersecurity company CrowdStrike. That routine software update caused cascading chaos Friday that engulfed global businesses from airports and banks to retail and law enforcement.

Why did CrowdStrike stock drop so much?

CrowdStrike stock hit an all-time high at the beginning of July, but a software defect sent shares cratering. The company could be forced to pay for damages, and it might lose out on new business, which is why investors are selling.

Did CrowdStrike cause the Microsoft outage?

Microsoft experienced a global outage on Thursday due to an issue with CrowdStrike's Falcon Sensor software, causing widespread disruptions and triggering the 'Blue Screen of Death' on Windows PCs.

What caused the global outage?

The company said the outage was not caused by a security incident or a cyberattack, but rather by a software defect. The issue was identified and isolated, and engineers deployed an update to fix the problem, CrowdStrike CEO George Kurtz said.

Why did Microsoft's outage happen?

According to a report by The Sydney Morning Herald, "The outage was caused by a fault in the 'Falcon sensor' used by US-based cybersecurity provider CrowdStrike. The sensor is installed on many business computers to gather security data. The fault had a major impact on Microsoft systems worldwide."

Does the US government use CrowdStrike?

CrowdStrike is in wide use across federal agencies, and it is a key vendor on the governmentwide Continuous Diagnostics and Mitigation cybersecurity support services contract.

Why did CrowdStrike cause Windows to crash?

An issue with the software that checks that CrowdStrike updates are working properly meant that the firm missed a problem with a content file. The update was pushed out to Windows systems, causing them to crash.

Can CrowdStrike be trusted?

In third-party testing, the CrowdStrike Falcon platform delivered 100% ransomware detection and protection with zero false positives in winning the AAA Enterprise Advanced Security Award.

What is CrowdStrike vulnerability assessment?

Vulnerability assessment is the ongoing, regular process of defining, identifying, classifying and reporting cyber vulnerabilities across endpoints, workloads, and systems.

What is a cyber outage?

An Internet outage, blackout or shutdown is the complete or partial failure of internet services. It can occur due to censorship, cyberattacks, disasters, police or security service actions, or errors.

Is CrowdStrike a cybersecurity company?

CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides endpoint security, threat intelligence, and cyberattack response services.

How did the CrowdStrike incident happen?

The sensor expected 20 input fields, but the update provided 21 input fields. "In this instance, the mismatch resulted in an out-of-bounds memory read, causing a system crash," CrowdStrike wrote.
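An added example, not CrowdStrike's code, of the input-count validation that prevents the kind of mismatch this answer describes: a parser written for 20 fields refuses a 21-field content line before any field is read. The '|'-separated line format, the field limit and all function names are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
/* Added example, not CrowdStrike's code: models the mismatch the FAQ describes.
 * The parser is built for a fixed field count; an update carrying one more
 * field must be rejected before any field is read. Names are assumptions. */
#define EXPECTED_FIELDS 20   /* what the parser was written to handle */
#define MAX_FIELD_LEN   32
/* Count the '|'-separated fields in one content line. */
int count_fields(const char *line)
{
    int n = 1;
    for (const char *p = line; *p; p++)
        if (*p == '|') n++;
    return n;
}

/* Hardened load: returns 0 on success, -1 if the field count is wrong.
 * Without this check a 21-field line would write fields[20], one slot past
 * a 20-slot array, and a later lookup of that slot reads out of bounds. */
int load_template(const char *line, char fields[EXPECTED_FIELDS][MAX_FIELD_LEN])
{
    if (count_fields(line) != EXPECTED_FIELDS) return -1;
    int i = 0;
    const char *start = line;
    for (const char *p = line; ; p++) {
        if (*p != '|' && *p != '\0') continue;
        size_t len = (size_t)(p - start);
        if (len >= MAX_FIELD_LEN) len = MAX_FIELD_LEN - 1; /* truncate */
        memcpy(fields[i], start, len);
        fields[i][len] = '\0';
        i++;
        if (*p == '\0') break;
        start = p + 1;
    }
    return 0;
}

/* Build a constructed line with nfields fields (f1|f2|...) and try to load
 * it; returns load_template's verdict (-2 if the line would not fit). */
int check_update(int nfields)
{
    char line[512] = "", fields[EXPECTED_FIELDS][MAX_FIELD_LEN];
    size_t used = 0;
    for (int i = 0; i < nfields; i++) {
        int w = snprintf(line + used, sizeof line - used, "%sf%d", i ? "|" : "", i + 1);
        if (w < 0 || (size_t)w >= sizeof line - used) return -2;
        used += (size_t)w;
    }
    return load_template(line, fields);
}
```

The same count check belongs on the publishing side too, so a template with the wrong number of fields never leaves the build pipeline.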

How did CrowdStrike break?

The global outage stems from an update CrowdStrike made to its marquee cybersecurity platform, a cloud-based software product called Falcon.

What bug was in CrowdStrike?

A glitch meant the system did not identify "problematic content data" in a file, according to CrowdStrike, meaning that computers running Microsoft's Windows operating system crashed and showed the now-infamous 'Blue Screen of Death'. CrowdStrike's Falcon Sensor has been cited as the cause.

What happened in the global IT outage?

The outage was caused by a defect found in a Falcon content update for Windows hosts, Kurtz said, meaning Mac and Linux hosts were not impacted. "All of CrowdStrike understands the gravity and impact of the situation," he said.
