
the staff of the Ridgewood blog
Ridgewood NJ, In the world of IT, there’s a well-known rule of thumb: never do an update on a Friday. This wisdom was starkly illustrated when a fault with an update from cybersecurity company CrowdStrike triggered widespread IT system disruptions across various industries, from banking to airlines.
The Fallout
On Friday, a significant disruption originating from Texas-based cybersecurity vendor CrowdStrike affected a multitude of businesses globally. Banks, health-care providers, and even TV broadcasters experienced outages, with air travel severely impacted as planes were grounded and services delayed.
What is CrowdStrike?
CrowdStrike is a cybersecurity firm specializing in endpoint security. It develops software designed to detect and block hacks, using cloud technology to apply protections to devices connected to the internet. Unlike some cybersecurity approaches that focus on back-end server systems, CrowdStrike’s solutions are deployed directly on endpoints, which has made them a crucial tool for many Fortune 500 companies, including those in the banking, healthcare, and energy sectors.
The Issue
The problem began when an update to CrowdStrike’s Falcon product caused machines running Microsoft’s Windows operating system to crash. The issue, often resulting in the notorious “blue screen of death,” stemmed from a fault in the interaction between the CrowdStrike update and Windows.
Falcon is a platform developed by CrowdStrike to prevent cyber breaches using cloud technology. The software requires deep access to a computer’s operating system to effectively scan for threats. This critical access, however, meant that any flaw in an update could have far-reaching consequences.
The Impact
Starting around 19:00 UTC on July 18, users worldwide began encountering the blue screen error. The update’s fault led to machines rebooting and getting stuck in a restarting state. Microsoft acknowledged the issue in an update, indicating that both Windows Client and Windows Server running the CrowdStrike Falcon agent were affected.
The Response
CrowdStrike has since initiated a rollback of the faulty update globally, working to restore normalcy to the affected systems. Nick France, Chief Technology Officer at IT security firm Sectigo, explained the situation:
“Many companies use CrowdStrike software and install it on all of their machines across their organization. So when an update happens that maybe has problems with it, it causes this problem where the machines reboot, and people can’t get back into their computers.”
Hurt Desk walked me through deleting the update. I was back on-line by 4:15pm.
I’m glad it didn’t affect my MTV.
I mean, it’s called CrowdStrike, people. HerdKill would have been too obvious, I guess.