A defective software update in CrowdStrike Falcon Sensor caused Windows computer systems to crash across the globe, leading to massive disruptions of critical functions across multiple industries.
The outage forced major commercial airlines, including Delta, American and United, to halt flights across the globe, disrupted certain operations at major broadcast networks and impacted commercial bank operations.
In an updated statement, CrowdStrike CEO George Kurtz apologized for the incident and said a fix had been deployed to resolve an issue with a Falcon content update.
“We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption,” Kurtz said in the emailed statement. “We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on.”
As details of the outage unfolded, Kurtz was quick to say the incident was not related to a cyberattack or other security incident, and that the issue had been identified and isolated and a fix had been deployed.
Microsoft warned that Microsoft 365 users would not be able to access various applications and services, according to a status update.
However, the company said it was applying mitigation steps to improve the ability of Microsoft 365 applications to function.
“Our telemetry is indicating that the remaining impacted scenarios are progressing towards a full recovery, and we’re closely monitoring to ensure this progress continues,” Microsoft said in the update.
Recovery options for impacted systems are limited, according to Andras Cser, Forrester VP and principal analyst.
Remediating the issue requires significant effort, including manually rebooting systems and removing the compromised CrowdStrike update, Cser said in an emailed statement. “Prior track records of similar incidents have shown that vendors’ operations, product testing, and communications strategies only get better after such incidents occur.”
The Cybersecurity and Infrastructure Security Agency is working closely with CrowdStrike, along with critical infrastructure and federal, state and local governments to assess the impact, a spokesperson said via email.
Vendor reliance
Software industry analysts and security experts raised concerns about how a defect involving a single vendor could potentially lead to such massive disruption of services.
“It is still too early to determine how such an error occurred, and whether a code fault with the driver, or an unanticipated and undocumented change in the Windows operating system which CrowdStrike was unable to predict, is responsible,” Rob Reeves, principal cyber security engineer at Immersive Labs, said in a statement.
However, Reeves noted that heavy reliance on Falcon is a “double-edged sword” causing untold disruption to global systems.
The global outage also highlights the importance of cybersecurity tools to operations, Forrester Principal Analyst Allie Mellen said in an email.
“Reliability of the tools and services cybersecurity teams use is critical in the face of cyberattacks,” said Mellen. “An incident like this questions that reliability. This will undoubtedly raise questions and concerns from executives about how to ensure the reliability of enterprise systems, especially with technology as integrated into day-to-day operations as cybersecurity software.”
Though businesses are actively working to restore systems, full resolution might not be immediate.
“Tech incidents like this require an all-hands-on-deck approach, and your teams will be working 24/7 over the weekend to recover,” Mellen said.
Editor’s note: This story has been updated to include a statement from CrowdStrike and comment from Forrester.