Windows Experiencing Downtime after CrowdStrike Update

On July 19, 2024, at 04:09 UTC, CrowdStrike issued a preliminary post-incident review concerning a content configuration update affecting the Falcon Sensor and the Windows Operating System, resulting in a Blue Screen of Death (BSOD). The update was aimed at collecting telemetry on potential issues.

In a surprising turn of events, CrowdStrike, a leading cybersecurity company, faced a significant issue on July 19, 2024, when a problematic update for Windows hosts caused a system crash for devices running sensor version 7.11 and above that were online between 04:09 UTC and 05:27 UTC. This incident affected approximately 8.5 million devices, but Mac and Linux hosts remained unaffected.

The issue was not a security incident or cyberattack, as confirmed by both the Australian Government and CrowdStrike themselves. Instead, the company delivered the problematic update in the form of Rapid Response Content, designed to respond to the changing threat landscape at operational speed.

After the outage, multiple affected companies worked internally and with their IT teams to manually remediate and support customers. However, there is no detailed public information specifying a formal coalition of firms that joined forces for remediation. Instead, CrowdStrike conducted a "Preliminary Post Incident Review," acknowledged the faulty update issue, and progressively restored 97% of affected Windows sensors online within six days.

Microsoft, CrowdStrike, AWS, and GCP have collaborated to develop a scalable solution to accelerate a fix for CrowdStrike's faulty update. Microsoft has taken steps to remediate the issue, including engaging with CrowdStrike, deploying engineers and experts to work directly with customers, and posting manual remediation documentation on the Windows Message Center.

The Australian Cyber Security Centre has issued a 'critical' alert for organizations impacted by the outage, and affected individuals or organizations can contact 1300 CYBER1 (1300 292 371) for assistance. The latest status on the incident can be found on the Azure Status Dashboard.

The defect in the content update was reverted on July 19, 2024, at 05:27 UTC. In the wake of this incident, there are concerns about over-reliance on cloud services, as highlighted by Omdia's Cloud and Data Center analysts. There is a shift towards consolidating security tools into integrated platforms, which could potentially mitigate such incidents in the future.

Unfortunately, CrowdStrike's shares have plummeted by more than 20%, resulting in a $16 billion loss in value. This incident serves as a reminder for businesses to demand rigorous testing and transparency from their vendors to prevent such incidents from happening in the future. Lessons learned from this incident are broadly discussed in the industry, and the cybersecurity landscape continues to evolve in response to such challenges.

Alerts can be accessed at https://www.cyber.gov.au for those in Australia seeking further information.
