On Friday at 05:30 Greenwich time, CrowdStrike, an American cybersecurity company, began notifying its customers that its widely used “Falcon Sensor” software was causing crashes of the Microsoft Windows operating system.
Essentially, it was warning of the notorious blue screen, informally known as the “blue screen of death,” which means that whoever sees it has a computer with the functionality of a… brick.
Soon, the CEO of CrowdStrike, George Kurtz, updated via a post on X that “this is not a security incident or cyberattack,” and that the company has already deployed a solution for the problem.
As he clarified, the issue arose from a defect identified in a single update for servers using Microsoft Windows, adding that servers running Mac and Linux operating systems were not affected by the issue.
On its part, Microsoft announced that it addressed the underlying cause of the service outages in 365 applications and services, including Teams and OneDrive, but residual impacts affected certain services.
However, the situation is not so simple, as the affected servers running the Windows operating system could not be fixed remotely: the “blue screen of death” causes the computers to crash on reboot, before they can receive the update.
Thus, the systems have to be updated manually, meaning that the entire process is time-consuming, which further exacerbates the financial damage that has occurred, both to CrowdStrike and (much more so) to the affected customers: namely banks, airports, airlines, hospitals, and businesses.
Several analysts believe that the issue itself is actually quite simple; however, it is the scale that makes it unprecedented, characterizing this particular outage as one of the largest in recent years.
“In Greece, the problems are very isolated,” said the Minister of Digital Governance, Dimitris Papastergiou, regarding yesterday’s digital blackout.
As he clarified in a television interview, “in our country, the upgrade of the critical software would take place later, and that is why the systems were not significantly affected.”
Regarding ordinary Windows users, Dimitris Papastergiou clarified that the security software is used by large enterprises, and therefore it would not affect them.
Why did it happen?
To understand the reasons behind today’s… fiasco, we need to go back a few years. Over the last two decades, governments and businesses have increasingly relied on a few tech companies that provided the much-desired connectivity.
The emergence of the new coronavirus brought a new acceleration in connectivity needs: everything could be done remotely, and it was obviously a situation that was here to stay.
Clearly, all these computer networks also required protection from cyberattacks. That is how cybersecurity products known as EDR (Endpoint Detection and Response) came into use, running in the background on corporate machines, otherwise known as “endpoints.”
Companies like CrowdStrike use EDR products as early warning systems for potential digital attacks, scanning for viruses and preventing hackers from gaining unauthorized access to corporate networks.
What happened yesterday is that something in CrowdStrike’s code conflicted with the code that makes Windows run, causing these systems to crash, and to keep crashing even after a reboot.
Given the transition of so many businesses to the cloud and the software from companies like CrowdStrike running on millions of computers, the extent of the problem that was created becomes entirely understandable.
Who was affected
The practical result of the problem was that computer systems in many sectors “shut down” on Friday, with major airlines halting flights, certain broadcasters going off the air, and sectors from banking to healthcare being impacted.
The travel industry was one of the hardest hit, with airports worldwide reporting delays and problems with their network systems. Airports from Los Angeles to Singapore, Hong Kong, Amsterdam, and Berlin announced that some airlines would need to check in passengers manually, causing delays (American Airlines, Delta Air Lines, United Airlines, and others grounded their flights, citing communication issues).
Banks and financial services companies from Australia and India to Germany warned their customers of disruptions while exchanges across markets reported problems executing transactions.
Media outlets, such as Britain’s Sky, were off the air for a significant period, while governments in Australia and New Zealand, several U.S. states, and even the British NHS faced issues as well.
Essentially, those who were affected were those using CrowdStrike software in combination with servers running the Windows operating system, as it appears that Mac and Linux systems were not impacted.
“We deeply apologize for the impact we have caused to customers, travelers, anyone affected by this, including our company,” said Kurtz in an interview with NBC News.
“Many of the customers are rebooting their systems, and the system is coming back and will be operational,” noted Kurtz. “It may take some time for certain systems that will not recover automatically.”
Shares of CrowdStrike, a company with a market capitalization of about 83 billion dollars and over 20,000 active corporate clients worldwide, fell 14.5% shortly after the opening of Wall Street, while Microsoft saw a decline of nearly 1.5%.
In contrast, CrowdStrike’s competitors, SentinelOne and Palo Alto Networks, saw their shares rise over 10% and 2.6%, respectively.