Millions of Windows computer users worldwide grappled with the Blue Screen of Death (BSOD) error on Friday, causing their systems to unexpectedly shut down or restart. This widespread issue has severely impacted critical sectors, including airports, banks, and large corporations, leading to closures and disruptions.
The root cause: CrowdStrike
The origin of this massive outage has been traced back to a recent update from CrowdStrike, a cybersecurity firm. But what exactly is CrowdStrike?
What is CrowdStrike?
.jpg)
.jpg)
CrowdStrike is a US-based cybersecurity company specialising in protecting large organisations, government agencies, and critical infrastructure such as airports and banks. Unlike more commonly known antivirus programs like Kaspersky or Symantec, CrowdStrike's solutions are not typically used by everyday consumers. Since its inception in 2011, CrowdStrike has focused on high-profile clients and advanced cybersecurity threats.
The University of Denver explains that once CrowdStrike is installed, it automatically scans for threats without requiring manual virus scans from the user. Cybersecurity software like CrowdStrike operates with extensive privileges throughout a computer system, including access to sensitive areas. This means that any errors in the software can have widespread and significant consequences.
The company gained prominence by assisting the US government in high-stakes cyber incidents, such as investigating North Korean hackers after the Sony breach and analysing Russian cyber activities during the Democratic Party server hack.
Current outage
The current crisis is one of the most significant cyber issues of 2024. The problem originated from a software update to CrowdStrike's Endpoint Detection and Response (EDR) product, which protects endpoints with high privileges. This malfunction has led to widespread BSOD errors, causing severe disruptions globally.
Omer Grossman, Chief Information Officer (CIO) at CyberArk, highlighted two critical issues: restoring business continuity and the manual process required to update each crashed endpoint. This recovery process is expected to take several days.
CrowdStrike’s Response
CrowdStrike's CEO, George Kurtz, issued a statement acknowledging the issue and assuring that it is not a security incident or cyberattack. The problem has been isolated to a single content update affecting only Windows hosts, with no impact on Mac- or Linux-based systems. The company has deployed a fix and is working closely with affected customers.
Kurtz emphasised the importance of using official channels for communication and assured that CrowdStrike’s team is fully mobilised to ensure customer security and stability. For continuous updates, customers are directed to the support portal and the company’s website.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers,” said Kurtz in a post on X.
Here is what Microsoft said:
Microsoft, in a statement on Friday said, "We remain committed in treating this event with the highest priority and urgency while we continue to address the lingering impact for the Microsoft 365 apps that are in a degraded state."
"Our services are still seeing continuous improvements while we continue to take mitigation actions," it added.
As the global community deals with the fallout, the spotlight remains on CrowdStrike, highlighting its crucial role in cybersecurity for critical sectors.
.jpg)
.jpg)
.jpg)
.jpg)