A ‘blue screen of death loop’: How a Crowdstrike update crashed Microsoft systems around the world
US cybersecurity company Crowdstrike has experienced major technical issues, affecting online servers worldwide, disrupting many airports, railways, telecoms companies, media organisations and the NHS.
But what is Crowdstrike, and how has it caused a global IT outage?
What is Crowdstrike?
While the exact cause of the outage remains unclear, widespread disruptions to Microsoft Windows systems are believed to be due to a faulty update to Crowdstrike, a well-known malware tool used by businesses, governments, and other organisations worldwide.
The Texas-based firm specialises in protecting computers and data from cyberattacks.
Crowdstrike Falcon, the company’s flagship product and the reported source of today’s tech crash, acts like an antivirus, using artificial intelligence and machine learning to detect and prevent threats.
It also provides threat intelligence, incident response services, and cloud protection to help clients defend themselves against and recover quickly from cyber attacks.
So, what triggered the Microsoft crash
From what is known so far, an update to Crowdstrike’s software has triggered a ‘blue screen of death’ loop on affected Microsoft Windows machines, causing them to boot and crash repeatedly.
An automatic overnight installation of the update on multiple Windows systems has exacerbated the issue.
“It’s definitely a supply chain style incident,” explained Ilkka Turunen, chief technology officer at software company Sonatype, “what it shows is that one popular vendor botching an update can have a huge impact on its customers and how far a single well-orchestrated update can spread in a single night.
“It’s not yet clear if the contents were due to malicious reasons, but it shows how quickly targeted attacks on popular vendors could spread,” Turunen added.
A Microsoft spokesperson said: “We are aware of issue affecting a subset of customers. We acknowledge the impact this can have on customers, and we are working to restore services for those still experiencing disruptions as quickly as possible.”
Crowdstrike has said the company is actively working with impacted customers but the Nasdaq-listed stock has crashed nearly 14 per cent in pre-market trading.
Crowdstrike president and chief executive George Kurtz issued a statement, saying “this is not a security incident or cyberattack”.
“The issue has been identified, isolated and a fix has been deployed,” he said, “We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.
“We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”
Commenting on the incident, Jake Moore, global cybersecurity advisor at ESET, said one aspect of it is due to a lack of diversity in the use of large-scale IT infrastructure. He said: “This applies to critical systems like operating systems (OSes), cybersecurity products and other globally deployed (scaled) applications.
“Where diversity is low, a single technical incident, not to mention a security issue, can lead to global-scale outages with subsequent knock-on effects.”