8.5 million devices impacted by CrowdStrike’s faulty update causing outage
According to a blog post from Microsoft, a worldwide disruption caused by a flawed update from cybersecurity company CrowdStrike on Friday impacted approximately 8.5 million Windows devices. The update led to a blue screen error, halting operations for hospitals, airlines, banks, and other essential services. The issue affected only devices running the Windows operating system.
While the issue was mostly resolved by Friday afternoon, Microsoft and CrowdStrike are still dealing with the fallout. In a blog post on Saturday, Microsoft’s director of Enterprise and OS Security, David Weston, wrote that the company is working with CrowdStrike “to develop a scalable solution to help Microsoft’s Azure infrastructure accelerate the remediation of CrowdStrike’s flawed update.” Microsoft has also asked for help from Amazon Web Services (AWS) and Google Cloud Platform (GCP).
CrowdStrike said in its own blog post on Saturday that the update — a sensor configuration update — “was designed to target recently discovered malicious pipelines used by common C2 frameworks in cyberattacks.” Unfortunately, on devices running Windows 7.11 or later using CrowdStrike’s Falcon sensor, it instead “triggered a logic error that resulted in the OS crashing.” According to Weston, the total number of affected devices was “less than 1 percent of all Windows machines.”