How a software update from cyber firm CrowdStrike caused one of the world’s biggest IT blackouts (2024)


A fault with an update issued by cybersecurity company CrowdStrike led to a cascade effect among global IT systems Friday, with industries ranging from banking to airlines facing outages.

Banks and health-care providers saw their services disrupted and TV broadcasters went offline as businesses worldwide grappled with the ongoing outage. Air travel has been hit hard, too, with planes grounded and services delayed.

At the heart of the issue is Texas-based cybersecurity vendor CrowdStrike. On Friday, the cybersecurity firm experienced a major disruption following an issue with a software update.

So what happened, exactly? CNBC takes a look.

What is CrowdStrike and what does it do?

CrowdStrike is a cybersecurity vendor that develops software to help companies detect and block hacks. It is used by many of the world's Fortune 500 companies, including major global banks, health-care and energy companies.

CrowdStrike is what's known as an "endpoint security" firm as it uses cloud technology to apply cyber protections to devices that are connected to the internet.

This differs from alternative approaches used by other cyber firms, which involve applying protection directly to back-end server systems.

"Many companies use [CrowdStrike software] and install it on all of their machines across their organization," Nick France, chief technology officer at IT security firm Sectigo, told CNBC's "Squawk Box Europe" on Friday.

"So when an update happens that maybe has problems with it, it causes this problem where the machines reboot, and people can't get back into their computers."

What happened on Friday?

On Friday, people around the world began encountering an error screen known as the "blue screen of death."

This issue — a common problem among PCs, for example if a machine overheats — was the result of an update from CrowdStrike concerning its Falcon product.

Falcon is a platform developed by the company that's designed to stop cyber breaches using cloud technology — it is at the heart of the firm's focus on endpoints. CrowdStrike said Friday it is in the process of rolling back the update globally.

CrowdStrike's software requires deep access to a computer's operating system to scan for threats. In the case of Friday's outage, machines running Microsoft's Windows operating system crashed due to a fault in the way a software update issued by CrowdStrike interacted with Windows.

"We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD [blue screen of death]) and get stuck in a restarting state. We approximate impact started around 19:00 UTC on the 18th of July," Microsoft said in an update at 5:40 a.m. ET.

"We can confirm the affected update has been pulled by CrowdStrike. Customers that are continuing to experience issues should reach out to CrowdStrike for additional assistance," the company added.

Satnam Narang, senior staff researcher at Tenable, told CNBC on Friday that the outage was "very unprecedented."

"The challenge here is that security software — because it's doing its job to protect organizations — it has to have more privileged access to these machines," he said.

So, while people may be seeing their IT issues as a problem with Windows, "it's not actually a Windows issue, it's related to a faulty or bad update from those security software," Narang added.

A fix has been issued

Earlier, Microsoft said its cloud services had been restored after an outage that affected its Azure services and Microsoft 365 suite of apps in the central U.S. region. A company spokesperson said these are two different and nonrelated issues — one issue relates to Azure, the other is linked to CrowdStrike.


They added that they "anticipate a resolution is forthcoming," in respect to the CrowdStrike problem.

CrowdStrike is "actively working with customers impacted by a defect found in a single content update for Windows hosts," CEO George Kurtz said Friday in an update on social media platform X. He added that Mac and Linux hosts are not affected.

"This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed," Kurtz said.

That fix could be hard to implement, though. Andy Grayland, chief information and security officer at threat intelligence firm Silobreaker, said that in order to implement a fix, engineers would have to go into each individual data center running Windows.

They'd then have to log in, navigate to a certain CrowdStrike file, delete it and then reboot the entire system, he said.

"Where machines are encrypted, complex encryption keys also need to be entered manually. Unless Microsoft and CrowdStrike (if they are involved) pull something miraculous out of the bag, this could be painful to recover from."


FAQs

How did a software update from cyber firm CrowdStrike cause one of the world’s biggest IT blackouts?

CrowdStrike's Falcon product was the culprit, and Windows operating systems took the hit. CrowdStrike acknowledged fault, with CEO George Kurtz issuing a public apology. Kurtz stated that the update “had a software bug in it” that caused an issue with the Microsoft operating system.

Did the CrowdStrike update cause a global outage?

The global outage began last Friday when CrowdStrike released a defective sensor configuration update for its Falcon platform that caused Windows devices to crash and enter reboot loops. Microsoft said only 8.5 million Windows devices were affected by the error -- less than 1% of the total.

What was the cause of the CrowdStrike outage?

The CrowdStrike incident was caused by a faulty update rather than a cyberattack. Although the outage was not a cyberattack, hackers quickly capitalized on the chaos.

What was the problem with the CrowdStrike update?

The root cause of the outage was a faulty sensor configuration update that specifically affected Windows systems. The channel file 291 update was never issued to macOS or Linux systems as the update deals with named pipe execution that only occurs on the Microsoft Windows OS.

What is the root cause of CrowdStrike failure?

The main issue was a mismatch between the input fields expected by CrowdStrike's Falcon driver and the ones supplied in a content update. CrowdStrike is now promising to better test updates and is using two independent third-party software security vendors to review its sensor code and release processes.

Why did CrowdStrike drop so much?

CrowdStrike CRWD said a faulty update was the reason behind the massive technology outage that affected millions of users in the early hours of July 19. Customers using the firm's security platform were locked out of their Windows devices.

What is causing the global IT outage?

The disruption was caused by a flawed update to a cloud-based security software of CrowdStrike, one of the global top cybersecurity companies.

What are the consequences of the CrowdStrike update?

It's been called the largest IT outage in history. A simple security update took down over 8 million machines, affecting industries from airlines to broadcast news to hospitals.

Does the US government use CrowdStrike?

The extent of the impact on federal government operations is still not known. CrowdStrike is in wide use across federal agencies and it is a key vendor on the governmentwide Continuous Diagnostics and Mitigation cybersecurity support services contract.

What went wrong at CrowdStrike?

Indeed, CrowdStrike says the “problematic Rapid Response Content configuration update resulted in a Windows system crash.” “When received by the sensor and loaded into the Content Interpreter, problematic content in Channel File 291 resulted in an out-of-bounds memory read triggering an exception,” CrowdStrike writes.

How did CrowdStrike outage happen on Reddit?

Microsoft confirms the analysis done by CrowdStrike last week. The crash was due to a read-out-of-bounds memory safety error in CrowdStrike's CSagent.sys driver.
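The FAQ answers above describe a mismatch between the input fields a content update expected and the ones the driver supplied, ending in an out-of-bounds read. The C sketch below is an added example, not CrowdStrike's code and not part of the original article: the rule layout, function names and sample values are all constructed to model that class of bug. It shows that an unchecked evaluator can appear to work while the extra fields are wildcards, and that a field-count check rejects the mismatched rule before any field is read.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not CrowdStrike code: a content rule carries one
   pattern per field; the driver-side caller supplies the input values. */
struct rule {
    size_t n_fields;             /* fields the content update expects */
    const char *const *patterns; /* "*" is a wildcard, else exact match */
};

enum { REJECTED = -1, NO_MATCH = 0, MATCH = 1 };

/* Unchecked evaluator: trusts the rule's own field count. */
static int eval_unchecked(const struct rule *r, const char *const *in)
{
    for (size_t i = 0; i < r->n_fields; i++) {
        if (strcmp(r->patterns[i], "*") == 0)
            continue;                    /* wildcard: in[i] is never read */
        if (strcmp(r->patterns[i], in[i]) != 0) /* out of bounds if i >= supplied */
            return NO_MATCH;
    }
    return MATCH;
}

/* Checked evaluator: refuses any rule that expects more fields than supplied. */
static int eval_checked(const struct rule *r, const char *const *in, size_t n_in)
{
    if (r == NULL || in == NULL || r->patterns == NULL || r->n_fields > n_in)
        return REJECTED;
    return eval_unchecked(r, in);
}

/* Constructed sample data: the caller supplies exactly 2 values. */
static const char *const INPUTS[] = { "svc.exe", "\\\\.\\pipe\\demo" };
static const char *const P_OK[]   = { "svc.exe", "*" };
static const char *const P_WILD[] = { "svc.exe", "*", "*" }; /* 3rd is a wildcard */
static const char *const P_BAD[]  = { "svc.exe", "*", "x" }; /* 3rd is concrete  */
static const struct rule RULE_OK   = { 2, P_OK };
static const struct rule RULE_WILD = { 3, P_WILD };
static const struct rule RULE_BAD  = { 3, P_BAD };

int main(void)
{
    /* RULE_BAD is only ever passed to the checked evaluator. */
    printf("ok=%d wild(unchecked)=%d wild(checked)=%d bad(checked)=%d\n",
           eval_checked(&RULE_OK, INPUTS, 2), eval_unchecked(&RULE_WILD, INPUTS),
           eval_checked(&RULE_WILD, INPUTS, 2), eval_checked(&RULE_BAD, INPUTS, 2));
    return 0;
}
```

Passing `RULE_BAD` to `eval_unchecked` would read past the end of `INPUTS`, which is why the sketch never does so.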

How much damage did CrowdStrike cause?

On July 19, 2024, 8.5 million Windows systems failed due to a faulty signature update in the CrowdStrike Falcon security software. Most of them remained in a blue screen loop and could no longer be booted in some cases.

What computers are affected by CrowdStrike?

We currently estimate that CrowdStrike's update affected 8.5 million Windows devices, or less than one percent of all Windows machines.

Will CrowdStrike recover?

CrowdStrike has a lot of work to do to recover. It can do it. And investors could then see significant long-term gains.

Who is behind CrowdStrike?

CrowdStrike was co-founded in 2011 by George Kurtz (CEO), Dmitri Alperovitch (former CTO), and Gregg Marston (CFO, retired).

What was the cause of the Microsoft outage?

A massive outage was caused by what was supposed to be a routine update from the cybersecurity company CrowdStrike. A routine software update caused cascading chaos Friday that has engulfed global businesses from airports and banks to retail and law enforcement.

What is causing the IT outage?

A bug in a software update by cybersecurity firm CrowdStrike has caused global travel chaos, scrambled 911 lines in the US, and put news channels including Sky News temporarily off-air.

How did a routine CrowdStrike update crash the world's computers?

It started with faulty code pushed directly to PCs by CrowdStrike, a cybersecurity firm that says it's used by more than half of Fortune 500 companies. The faulty code caused the affected machines to enter an endless loop of reboots, taking them offline.

What caused the global tech outage CNN?

TechRadar's Editor at Large Lance Ulanoff explains how corrupted data from a software update issued by major US cybersecurity firm CrowdStrike is the cause behind the global computer outage affecting airports, banks and other businesses.

Author: Tuan Roob DDS