CrowdStrike CEO George Kurtz said 97% of the company’s Windows sensors on the Falcon security platform were back online as of Thursday, though recovery from the global IT outage remains ongoing.
Kurtz said the progress was enhanced due to the development of automated recovery techniques. CrowdStrike is taking steps to prevent such an incident from happening again, he said, following the release of a preliminary incident report earlier this week.
Kurtz personally apologized to everyone affected by the outage and thanked CrowdStrike customers, partners and team members for their role in helping the recovery.
“To our customers still affected, please know we will not rest until we achieve full recovery,” Kurtz wrote in the LinkedIn post. “At CrowdStrike our mission is to earn your trust while safeguarding your operations.”
CrowdStrike issued a preliminary report late Tuesday showing an undetected error in a rapid response configuration software update in the company’s Falcon sensor led to the outage. About 8.5 million Microsoft Windows devices crashed as a result, and though that was less than 1% of Windows device deployments, it disrupted operations at major airlines, banks, hospitals and other critical organizations around the globe.
Microsoft released a separate recovery update outlining steps underway to build more resiliency into the Windows platform to make sure it can prevent such a massive outage from taking place in the future.
“This incident shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience,” John Cable, VP of Windows servicing and delivery, in a blog post Thursday. “These improvements must go hand in hand with ongoing improvements in security and be in close cooperation with our many partners, who also care deeply about the security of the Windows ecosystem.”
Cable highlighted recent efforts, including the introduction of VBS enclaves, which is a “software-based trusted execution environment inside a host application.” In January the company unveiled Microsoft Azure attestation, which is a service to help verify a platform is trustworthy and confirm the integrity of the binaries running inside of it.
The incident highlighted concerns over how a single point of failure could have disrupted such a wide swath of critical infrastructure providers in the U.S. and globally.
NetChoice sent a letter to the U.S. Senate Homeland Security and Government Affairs Committee urging a hearing with CrowdStrike and Microsoft to find out what both companies are doing to avoid such an occurrence from happening in the future.
The House Homeland Security Committee earlier this week sent a letter to Kurtz asking him to testify about the outage.
Carl Szabo, VP and general counsel at NetChoice, said the incident underscores that U.S. critical infrastructure and government systems are too dependent on Microsoft.
“Congress must additionally investigate how to diversify our technology usage and how to make sure that other competitors don’t have the same security vulnerabilities that Microsoft products have,” Szabo said via email.