newsweekshowcase.com

It took down computers around the world with the help of Microsoft

The Verge: https://www.theverge.com/2024/7/19/24201806/microsoft-windows-bsod-pc-crashing-crowdstrike-fix

On the Origin of the Blue Screen of Death Outage: CrowdStrike vs. Mac OS: A Deep Look at an Early Go-Go Update

On Friday morning, a large number of essential services came to a halt, including airlines, banks, and TV broadcasters. The outage, which has brought the Blue Screen of Death upon legions of Windows machines across the globe, is linked to just one software company: CrowdStrike.

The fix, for many, won’t be easy. IT admins are still trying to use an initial workaround provided by CrowdStrike, which involves booting Windows systems into Safe Mode and deleting a system file:

CrowdStrike’s driver is not able to load in a Safe Mode environment because of these steps. IT admins must locate the faulty driver on the disk in order to delete it. This workaround requires, in most cases, physical access to a machine. It’s difficult to remove the faulty driver in some environments due to a lack of admin rights and BitLocker.

CrowdStrike CEO George Kurtz said on Friday that the issues were caused by a “defect” in code the company released for Windows. Mac and Linux systems are not affected. “The issue has been identified, isolated and a fix has been deployed,” Kurtz said in a statement, adding the problems were not the result of a cyberattack. In an interview with NBC, Kurtz apologized for the disruption and said it may take some time for things to be back to normal.

There will be questions about how a faulty update like this ever managed to hit millions of machines around the world, even after CrowdStrike apologized for the damage it caused.

How Russian Cyberattacks on the Democratic National Committee have Caught up CrowdStrike and its Implications for American Airlines and Computers

CrowdStrike plays an important role in helping companies find and prevent security breaches, billing itself as having the “fastest mean time” to detect threats. The Russian cyberattacks on the Democratic National Committee in 2015 and 2016 were among the major cyberattacks the Texas-based company has helped investigate. CrowdStrike was valued at more than $83 billion as of Thursday evening.

The outages could result in “millions” being lost by organizations impacted who have had to halt their operations or stop business, says Lukasz Olejnik, an independent cybersecurity consultant, who says the CrowdStrike update appears to be linked to its Falcon Sensor product. CrowdStrike said that the Falcon system can block attacks on systems and is part of their security tools.

The update in question appears to have installed faulty software onto the core Windows operating system, causing systems to get stuck in a boot loop. Systems are showing an error message that says, “It looks like Windows didn’t load correctly,” while giving users the option to try troubleshooting methods or restart the PC. The airlines in India have used the good old-fashioned way of doing things.

Global IT Failures Caused by Windows-Based Errors: A Study of a Large-Scale Cybersecurity Outage

Lukasz Olejnik, an independent researcher, consultant, and author of the book Philosophy of Cybersecurity, tells The Verge that our software is extremely interdependent. “But in general, there are plenty of single points of failure, especially when software monoculture exists at an organization.”

The devices that have been affected by the incident are those that run Windows and other operating systems. It is unclear exactly how widespread the issues are and how long they will take to resolve. Microsoft and CrowdStrike did not immediately respond to WIRED’s requests for comment on the outage.

Australian banks, airlines, and TV broadcasters first raised the alarm as thousands of machines started to go offline. Businesses based in Europe are starting their working days. Sky News in the UK is unable to broadcast its morning news bulletin due to an interruption. An IT issue is impacting flight departures, as well as being one of the biggest airlines in Europe.

The US Federal Aviation Administration says all flights from Delta, United, and American Airlines are grounded due to a “communication issue.” Berlin airport is also warning of travel delays due to “technical issues.” Many 911 emergency call centers in Alaska have also been impacted by the issues.

A poster on Reddit says their entire company is offline, while another says 70 percent of their laptops are down. One poster has a Happy Friday message. It looks like it’s going to be a long day for IT admins worldwide.

In what appears to be a separate outage, Microsoft is also recovering from several issues with its Microsoft 365 apps and services. The root cause of those issues was a configuration change.

After Windows machines displayed errors worldwide, airports, hotels, and other businesses are facing widespread IT failures that leave flights grounded and cause widespread disruption.

The Digital Catastrophe of the last 12 Hours: Not Petya, Not Slammer, Not Peteya and other Computer Crimes

A Microsoft representative issued a statement saying it is aware of the Windows device problems and believes there will be a solution.

The impact of the CrowdStrike update on public services and businesses around the world has been huge. Scores of airports are facing delays and long queues, with one passenger in India sharing a hand-written boarding pass that they have been issued.

Only a handful of times in history has a single piece of code managed to instantly wreck computer systems worldwide: the Slammer worm of 2003, the NotPetya cyberattack by Russia, and North Korea’s self-spreading computer viruses. But the ongoing digital catastrophe that rocked the internet and IT infrastructure worldwide over the last 12 hours appears to have been triggered not by malicious code released by hackers, but by the software designed to stop them.