
Windows experiencing downtime due to CrowdStrike update

On July 19, 2024, at 04:09 UTC, CrowdStrike disseminated a preliminary post-event review (PIR) concerning a content configuration update affecting the Falcon Sensor and the Windows Operating System, leading to Blue Screen of Death (BSOD) incidents.


In a surprising turn of events, cybersecurity firm CrowdStrike has identified an issue with a recent update to their Windows sensor, which affected approximately 8.5 million devices worldwide. This represents less than one percent of all Windows machines, and it's important to note that Mac and Linux hosts were not impacted.

The problematic update, revealed in a Preliminary Post Incident Review (PIR) released on July 19, 2024, caused system crashes for hosts running sensor version 7.11 and above that were online between 04:09 UTC and 05:27 UTC on the same day.
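The impact criteria above (Windows host, sensor version 7.11 or later, online during the 04:09 to 05:27 UTC window) can be applied to an asset inventory to shortlist hosts for recovery. The following is an added example, not CrowdStrike or Microsoft tooling; the CSV column names, hostnames and sensor build numbers are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Impact criteria as stated in the article.
WINDOW_START = datetime(2024, 7, 19, 4, 9, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 7, 19, 5, 27, tzinfo=timezone.utc)
MIN_SENSOR = (7, 11)

# Constructed sample inventory (hypothetical columns, hosts and build numbers).
SAMPLE_INVENTORY = """\
hostname,os,sensor_version,online_from,online_until
ws-001,Windows,7.11.100,2024-07-19T03:50:00+00:00,2024-07-19T04:30:00+00:00
ws-002,Windows,7.9.100,2024-07-19T00:00:00+00:00,2024-07-19T08:00:00+00:00
ws-003,Windows,7.15.100,2024-07-19T14:30:00+10:00,2024-07-19T17:00:00+10:00
ws-004,Windows,7.16.100,2024-07-19T00:00:00+00:00,2024-07-19T04:00:00+00:00
mac-01,macOS,7.16.100,2024-07-19T00:00:00+00:00,2024-07-19T08:00:00+00:00
"""

def parse_version(text):
    """Turn '7.11.100' into (7, 11, 100); as strings, '7.9' sorts above '7.11'."""
    return tuple(int(part) for part in text.strip().split("."))

def parse_utc(text):
    """Parse an ISO 8601 timestamp and normalise it to UTC."""
    stamp = datetime.fromisoformat(text.strip())
    if stamp.tzinfo is None:
        # A naive timestamp would silently be read as local time.
        raise ValueError(f"timestamp has no UTC offset: {text!r}")
    return stamp.astimezone(timezone.utc)

def potentially_impacted(row):
    """Apply the three criteria: Windows, sensor >= 7.11, online in the window."""
    if row["os"].strip().lower() != "windows":
        return False
    if parse_version(row["sensor_version"])[:2] < MIN_SENSOR:
        return False
    start = parse_utc(row["online_from"])
    end = parse_utc(row["online_until"])
    # Two intervals overlap when each starts before the other ends.
    return start <= WINDOW_END and end >= WINDOW_START

def triage(inventory_csv):
    """Return hostnames that match the stated impact criteria."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return [row["hostname"] for row in reader if potentially_impacted(row)]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(host)
```

A host on this shortlist is only a candidate: whether it actually received the faulty update has to be confirmed on the endpoint itself.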

CrowdStrike moved swiftly to address the issue, collaborating closely with their internal incident response team to identify and remediate the faulty update. The flawed update was corrected within about an hour after deployment, preventing a broader impact.

CrowdStrike has provided a workaround and issued a public statement. Instructions to remedy the situation on Windows endpoints can be found on the Windows Message Center.

Microsoft has also been actively involved in the situation, deploying hundreds of engineers and experts to work directly with customers to restore services. The company has also collaborated with other cloud providers and stakeholders, including Google Cloud Platform (GCP) and Amazon Web Services (AWS), to share awareness on the impact of the incident and inform ongoing conversations with CrowdStrike and customers.

The Australian Cyber Security Centre has issued a 'critical' alert for organizations or individuals that have been impacted or require assistance, with contact details and alerts available at https://www.cyber.gov.au.

Microsoft is also aware of the issue and has posted manual remediation documentation and scripts. The defect in the content update was reverted on July 19, 2024 at 05:27 UTC.

CrowdStrike's shares have taken a hit as a result of this incident, with their value plummeting by more than 20% in unofficial pre-market trading in the US, translating to a staggering $16 billion loss in value.

This incident serves as a reminder for businesses to demand rigorous testing and transparency from their vendors, especially as there is a growing shift towards consolidating security tools into integrated platforms. Omdia's Cloud and Data Center analysts have warned about over-reliance on cloud services, and today's outages may make enterprises rethink moving mission-critical applications off-premises.

At a meeting of the National Coordination Mechanism held by the Australian Government, no evidence of a cyber-security incident was found in relation to this update. The status of the incident can be monitored through the Azure Status Dashboard. Microsoft is actively engaged with CrowdStrike to automate the development of a solution to prevent such incidents in the future.
