Bad CrowdStrike update causes major outages of Microsoft systems worldwide
You'll doubtless be aware already of the major outages of Microsoft systems today causing problems for airports, rail operators, banks, retailers, broadcasters and more.
Among the disruption stores found themselves unable to accept payments and in the UK Sky News’s breakfast show was taken off air. Some airports were forced to use whiteboards to show flight departure information.
The problem it transpires is not because of a cyberattack or something caused by Microsoft itself. Instead it was an update to widely-used security software CrowdStrike that was causing computers to crash.
Cybersecurity expert Kevin Beaumont revealed on X that the issues were down to a badly formatted driver.
Industry figures have been quick to weigh in with comments. Brian Higgins, security specialist at Comparitech says, "CrowdStrike have blamed a sensor update for the global outage and claim to be fixing the problem themselves. Their current advice is to take no further action but to monitor updates until a resolution is found. Not massively helpful for all of the essential services affected but since there is nothing practical to be done by users at this stage there is little more to be said. I’m sure there will be plenty of post-mortem commentary about resilience models and redundancies etc. in the days to come but right now the best we can do is hope that everyone comes out of this as safely as possible."
Al Lakhani, CEO of authentication company IDEE says:
Many people might be thanking Microsoft for their accidental day off, but countless businesses are suffering due to Microsoft's and their partners' failure to maintain their services. This incident underscores the importance of businesses thoroughly researching and vetting their cybersecurity solutions before implementation. Microsoft clearly fell short in this regard, and we are witnessing a cascade of operational failures around the world as a result.
CrowdStrike's platform approach, which relies on a single agent focused on detection, might seem good at first glance, but as we can see, it can create significant issues. For instance, agents require installation and maintenance of software on multiple different OSes, adding layers of complexity and potential points of failure. Moreover, agents can become a single point of failure, as a bad update can compromise the entire network, as seen with the SolarWinds attack.
The lesson here is blindingly obvious: investing in cybersecurity is not just about acquiring the latest or most popular tools but ensuring those tools are reliable and resilient. This is why businesses must prioritise agentless solutions like MFA 2.0, which reduce the risk of widespread failures and ensure more resilient defences.
"Social media is ablaze with users reporting that they are unable to work and one user on Reddit even stated they were commenting purely to be part of history on 'The day that Crowdstrike took out the internet!'" says Adam Pilton, senior cybersecrity consultant at CyberSmart “This is very much the point of why all businesses must plan and prepare. As we are seeing, a huge dependency on individual suppliers can take down supply chains."
Tom Kidwell, co-founder of Ecliptic Dynamics and former British Army and UK Government intelligence specialist adds:
The outage impacting Windows devices this morning appears to have been caused by a driver update by CrowdStrike, bricking older windows devices and servers, which will be worst hit. Unfortunately for CrowdStrike, if that is the case, it could be nauseating to fix. Due to the nature of the update, an individual from every organisation will need to boot into safe mode, remove the issue file/driver, and then either roll back or update to a new version, something CrowdStrike will need to release very quickly.
Incidents like this highlight the vulnerability in using a single supplier on such a vast scale, and why it's critical that organisations have a backup plan. Best practice for vendors is to pressure test any updates before rollout, however this can be difficult when you serve 60-90 percent of the world.
There's no word yet on when the issue might be fully resolved. In the meantime it's a good idea to pause CrowdStrike updates.
Image credit: karenr/depositphotos.com