On Friday morning, some of the biggest airlines, TV broadcasters, banks, and other essential services came to a standstill as a massive outage rippled across the globe. The outage, which has brought the Blue Screen of Death upon legions of Windows machines across the globe, is linked to just one software company: CrowdStrike.
CrowdStrike plays an important role in helping companies find and prevent security breaches, billing itself as having the “fastest mean time” to detect threats. Since its launch in 2011, the Texas-based company has helped investigate major cyberattacks, such as the Sony Pictures hack in 2014, as well as the Russian cyberattacks on the Democratic National Committee in 2015 and 2016. As of Thursday evening, CrowdStrike’s valuation was upwards of $83 billion.
It also has around 29,000 customers, with more than 500 on the list of the Fortune 1000, according to CrowdStrike’s website.
But that popularity put it in the position to wreak havoc when something went wrong, with systems using CrowdStrike and Windows-based hardware falling offline in droves this morning. CrowdStrike CEO George Kurtz said on Friday that the company is “actively working with customers impacted by a defect found in a single content update for Windows hosts” while emphasizing that the issue isn’t linked to a cyberattack. It also doesn’t affect Mac or Linux machines.
The July 19th outage is tied to CrowdStrike’s flagship Falcon platform, a cloud-based solution that combines multiple security solutions into a single hub, including antivirus capabilities, endpoint protection, threat detection, and real-time monitoring to prevent unauthorized access to a company’s system.
The update in question appears to have installed faulty software onto the core Windows operating system, causing systems to get stuck in a boot loop. Systems are showing an error message that says, “It looks like Windows didn’t load correctly,” while giving users the option to try troubleshooting methods or restart the PC. Many companies, including this airline in India, have resorted to the good old-fashioned way of doing things by hand.
“Our software is extremely interconnected and interdependent,” Lukasz Olejnik, an independent cybersecurity researcher, consultant, and author of the book Philosophy of Cybersecurity, tells The Verge. “But in general, there are plenty of single points of failure, especially when software monoculture exists at an organization.”
Although CrowdStrike has deployed a fix, getting things up and running won’t be a simple task. Olejnik tells The Verge that this issue could take “days to weeks” to resolve because IT administrators may have to have physical access to a device to get them working again. How fast that happens depends on the size and resources of a company’s IT team. “Some systems in certain specific circumstances may be unrecoverable, but I assume that the majority will be recovered,” Olejnik adds.