The Wall Street Journal reports that a routine security update from CrowdStrike caused widespread disruption by rendering Windows-based computers unusable.
The outage, one of the most momentous in recent memory, crippled computers worldwide and drove home the brittleness of the interlaced global software systems that we rely on.
This failure followed another:
Adding to the chaos—and further underlining the vulnerability of the global IT system—a separate problem hit Microsoft’s Azure cloud computing system on Thursday shortly before the CrowdStrike glitch, causing an outage for customers including some U.S. airlines and users of Xbox and Microsoft 365.
Here are the key points:
- Trigger of the Incident:
- A CrowdStrike update, intended to enhance security, caused computers to crash and become unresponsive globally. The issue began with an update to a "channel file" that helps CrowdStrike’s software neutralize cyber threats.
- Impact:
- The update affected various sectors, including healthcare, airlines, and corporate systems. For instance, U.S. 911 call centers were disrupted, Amazon employees faced email issues, and global flights were delayed or canceled.
- The problem caused a blue screen error, which made computers unable to restart properly, turning them into "unusable bricks."
- Technical Cause:
- The faulty update crashed the kernel of the Windows operating system, which is essential for the system's functioning. Restarting the computer led to repeated crashes, necessitating manual removal of the problematic file.
- Recovery Efforts:
- CrowdStrike quickly identified the issue and rolled back the update within 78 minutes, but the damage was already done for many systems.
- Users were advised to boot into Windows "safe mode" to delete the faulty file and restore their systems.
- Broader Implications:
- The incident highlighted the interconnected nature of modern IT systems and the potential for widespread disruption when a single update goes wrong. It also emphasized the risks associated with automated updates and the deep access cybersecurity software requires.
- Market Reaction:
- CrowdStrike’s co-founder and CEO, George Kurtz, addressed the situation publicly, reassuring customers that it was not a cyberattack. However, the incident led to some companies, like Tesla, deciding to remove CrowdStrike from their systems.
- Simultaneous Issues:
- The chaos was compounded by a separate problem with Microsoft’s Azure cloud computing system, which caused additional outages shortly before the CrowdStrike glitch.