Microsoft says 8.5m of its devices affected by CrowdStrike outage

Published: 11:28, July 21, 2024 | Updated: 12:54, July 21, 2024

By Reuters

Travelers navigate customer service and ticketing lines at Ronald Regan Washington National Airport on July 19, 2024 in Washington, DC. A global computer outage started from an update from the cybersecurity company CrowdStrike that impacted flights worldwide along with disrupting broadcasters and banking services. (PHOTO / AFP)

A global tech outage that was related to a software update by cybersecurity firm CrowdStrike affected nearly 8.5 million Microsoft devices, Microsoft said in a blog post on Saturday.

"We currently estimate that CrowdStrike's update affected 8.5 million Windows devices, or less than one percent of all Windows machines," it said in the blog.

A software update by global cybersecurity firm CrowdStrike, one of the largest operators in the industry, triggered systems problems that grounded flights, forced broadcasters off air and left customers without access to services such as healthcare or banking.

"While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services," Microsoft said in its blog post.

ALSO READ: Australia warns of malicious websites after cyber outage

CrowdStrike has helped develop a solution that will help Microsoft's Azure infrastructure accelerate a fix, Microsoft said, adding that it was working with Amazon Web Services and Google Cloud Platform, sharing information about the effects Microsoft was seeing across the industry.

The air travel industry was recovering on Saturday from the outage that caused thousands of flights to be cancelled, leaving passengers stranded or grappling with hours of delays as airports and airlines were caught up in the IT outage.

An information screen informs travellers that train information is not running due to the global technical outage at Canal Street subway station on July 19, 2024 in New York City. Businesses and transport worldwide were affected by a global technology outage that was attributed to a software update issued by CrowdStrike, a cybersecurity firm whose software is used by many industries around the world. (PHOTO / AFP)

Delta Air Lines, one of the hardest-hit airlines, said that as of 10 am EDT (1400 GMT) on Saturday, more than 600 flights had been canceled, adding that additional cancellations were expected.

Meanwhile, security experts said CrowdStrike's routine update of its widely used cybersecurity software, which caused clients' computer systems to crash globally on Friday, apparently did not undergo adequate quality checks before it was deployed.

ALSO READ: New focus on risks as global tech outage eases after massive disruption

The latest version of its Falcon sensor software was meant to make CrowdStrike clients' systems more secure against hacking by updating the threats it defends against. But faulty code in the update files resulted in one of the most widespread tech outages in recent years for companies using Microsoft's Windows operating system.

CrowdStrike released information to fix affected systems, but experts said getting them back online would take time as it required manually weeding out the flawed code.

"What it looks like is, potentially, the vetting or the sandboxing they do when they look at code, maybe somehow this file was not included in that or slipped through," said Steve Cobb, chief security officer at Security Scorecard, which also had some systems impacted by the issue.

ALSO READ: Global cyber outage grounds flights and disrupts businesses

Problems came to light quickly after the update was rolled out on Friday, and users posted pictures on social media of computers with blue screens displaying error messages. These are known in the industry as "blue screens of death."

Screens show a blue error message at a departure floor of LaGuardia Airport in New York on July 19, 2024, after a faulty CrowdStrike update caused a major internet outage for computers running Microsoft Windows. (PHOTO / AP)

Patrick Wardle, a security researcher who specializes in studying threats against operating systems, said his analysis identified the code responsible for the outage.

The update's problem was "in a file that contains either configuration information or signatures," he said. Such signatures are code that detects specific types of malicious code or malware.

"It's very common that security products update their signatures, like once a day... because they're continually monitoring for new malware and because they want to make sure that their customers are protected from the latest threats," he said.

The frequency of updates "is probably the reason why (CrowdStrike) didn't test it as much," he said.

It's unclear how that faulty code got into the update and why it wasn't detected before being released to customers.

"Ideally, this would have been rolled out to a limited pool first," said John Hammond, principal security researcher at Huntress Labs. "That is a safer approach to avoid a big mess like this."

Other security companies have had similar episodes in the past. McAfee's buggy antivirus update in 2010 stalled hundreds of thousands of computers.

But the global impact of this outage reflects CrowdStrike's dominance. Over half of Fortune 500 companies and many government bodies such as the top US cybersecurity agency itself, the Cybersecurity and Infrastructure Security Agency, use the company's software.

Arsenal ease through to quarterfinals as PSV restore pride

Record-breaking 17 awards haul for China Daily at HK news awards

CEPA measures set to ease mainland market access for HK, global firms

Guangdong's action plan on modern industrial system charts route to new productive forces

TOP

VISUAL NEWS