A Microsoft official in Australia said Friday that a flaw in the Windows update had been identified, isolated and a fix had been deployed
Many businesses are facing widespread IT outages, which leaves flights grounded and causes widespread disruption after Windows machines have displayed errors worldwide.
In the early hours of Friday, companies in Australia running Microsoft’s Windows operating system started reporting devices showing Blue Screens of Death (BSODs). Shortly after, reports of disruptions started flooding in from around the world, including from the UK, India, Germany, the Netherlands, and the US: TV station Sky News went offline, and US airlines United, Delta, and American Airlines issued a “global ground stop” on all flights.
After issues emerged, CrowdStrike CEO George Kurtz said that the company has found a flaw in the update that it issued for Windows. This is not a security incident, according to the man. “The issue has been identified, isolated, and a fix has been deployed.” In the statement, Kurtz confirmed that Mac and Linux hosts are not impacted by the update and said that its customers should refer to its support portal.
CrowdStrike CEO George Kurtz said on Friday that the issues were caused by a “defect” in code the company released for Windows. Mac and Linux systems are not affected. “The issue has been identified, isolated and a fix has been deployed,” Kurtz said in a statement, adding the problems were not the result of a cyberattack. It may take some time for things to be back to normal after the disruption, according to a transcript of an interview with NBC.
A Microsoft official stated in a statement that the company is aware of the problems associated with Windows devices and believes a resolution is forthcoming.
Why is the CrowdStrike technical breakdown so big? How many computer systems had to be affected by the cyber-attacks and malware released by hackers?
There was a huge impact on public services and businesses around the world because of the CrowdStrike update. Scores of airports are facing delays and long queues, with one passenger in India sharing a hand-written boarding pass that they have been issued.
Olejnik says it reminds them of their dependence on IT and software. It is equivalent to putting trust in a system with multiple software systems maintained by different vendors. They may be a single point of failure—like here, when various firms feel the impact.”
The Slammer worm was the only time in history where a single piece of code can destroy computer systems all over the world. Russia’s Ukraine-targeted NotPetya cyberattack. The self-spreading of ransomware by North Korea. But the ongoing digital catastrophe that rocked the internet and IT infrastructure worldwide over the last 12 hours appears to have been triggered not by malicious code released by hackers, but by the software designed to stop them.
Separately, the technical breakdown from CrowdStrike released Friday explains more about what happened and why so many systems were affected all at once.
Why is the Pipe1 Execution Caught in the Early Stages of a System Crash? A Response to CrowdStrike
Channel files are part of the behavioral protection mechanisms used by the Falcon sensor. CrowdStrike has discovered many novel tactics, techniques, and procedures that prompt updates to Channel Files several times a day. The architecture has been in place since Falcon was founded.
CrowdStrike explained that the file is not a kernel driver but is responsible for “how Falcon evaluates named pipe1 execution on Windows systems.” Patrick Wardle says that the explanation agrees with the earlier analysis that he and others gave about the cause of the crash.
The systems that were vulnerable to a system crash were those running the Falcon sensor for Windows 7.11 and above.