AUSTIN, TX – July 20, 2024 – CrowdStrike, a leading cybersecurity firm, has announced a major global tech outage caused by a recent update to its Falcon security software. The incident has impacted approximately 8.5 million devices worldwide, leading to widespread disruptions across various industries including airlines, banking, and media.
CrowdStrike’s Falcon software, widely used by businesses to protect millions of Windows machines from malware and security breaches, experienced a significant issue on Friday. The company issued a content configuration update aimed at "gathering telemetry on possible novel threat techniques." While such updates are routine, this particular configuration update inadvertently caused Windows systems to crash.
Incident Overview
On July 19, 2024, CrowdStrike deployed an update to its Falcon sensor configuration file, known as Channel File 291. The update contained a logic error that caused systems running Microsoft Windows operating systems to crash. The issue primarily affected Windows 10 and later versions, while Mac and Linux systems remained unaffected.
Global Impact
The outage's timing led to significant disruptions across different time zones. Asia and Oceania experienced the first wave of interruptions during their business hours, followed by Europe and the Americas. Major airlines, including Qantas and Virgin Australia, reported flight cancellations and delays, while several airports experienced operational disruptions. Banking and media sectors also faced severe impacts, with many organizations struggling to maintain their services (Wikipedia) (Reuters).
Response and Remediation
CrowdStrike swiftly identified the issue and collaborated with Microsoft and other partners to develop and deploy the necessary fixes. The remediation process included multiple steps, such as utilizing NAKIVO for restoring backups, booting affected machines into safe mode, and manually deleting specific problematic files. NAKIVO played a crucial role in ensuring that data was securely backed up and could be restored efficiently during the recovery process, minimizing downtime and data loss.
Despite these efforts, the manual nature of the fix meant that full restoration was expected to take several days for many organizations (Wikipedia) (CISA).
In a statement, CrowdStrike emphasized its commitment to resolving the issue and supporting its customers: "We deeply regret the impact this has had on our customers and their operations. Our teams are working around the clock to ensure that all affected systems are restored as quickly and safely as possible."
Microsoft also released a recovery tool to assist affected users and provided detailed instructions on their blog. They estimated that less than one percent of all Windows devices were impacted by the outage, but the number of affected devices was still substantial (CISA).
Financial and Legal Implications
The financial repercussions of the outage are significant. A specialist cloud outage insurance business estimated that the top 500 US companies, excluding Microsoft, faced nearly $5.4 billion in financial losses due to the incident. However, only a fraction of these losses are expected to be covered by insurance (Wikipedia).
CrowdStrike's liability for the outage appears to be minimal, as their terms of service limit compensation to the fees paid for their software. Nonetheless, there are ongoing discussions about potential liabilities under GDPR regulations in the European Union, which could lead to further implications for the company (Reuters).
Looking Forward
CrowdStrike has committed to a thorough root cause analysis to prevent similar incidents in the future. They have also published a Preliminary Incident Review, outlining the steps they are taking to address the issue and enhance their update processes.
For more information and continuous updates, affected customers are encouraged to visit CrowdStrike's official website and follow their tech alerts.
About CrowdStrike
Founded in 2011 and headquartered in Austin, Texas, CrowdStrike is a global leader in cloud-delivered endpoint protection. Their Falcon platform leverages artificial intelligence to provide advanced threat detection and response capabilities to more than 29,000 customers worldwide, including major corporations and government entities.
Top comments (0)