George Kurtz, co-founder and CEO of CrowdStrike Inc., speaks during the Montgomery Summit in Santa Monica, California.
A bug with an update issued by cybersecurity firm CrowdStrike led to a cascading effect across global IT systems on Friday, with industries ranging from banking to airlines experiencing outages.
Banks and healthcare providers saw their services disrupted and television stations went offline as businesses around the world grappled with the ongoing outage. Air travel has also been hit hard, with planes grounded and routes delayed.
At the center of the issue is the Texas-based cybersecurity vendor CrowdStrike. On Friday, the cybersecurity company experienced a major outage after a problem with a software update.
So what exactly happened? CNBC takes a look.
What is CrowdStrike and what does it do?
CrowdStrike is a cybersecurity vendor that develops software to help companies detect and block intrusions. It is used by many of the world’s Fortune 500 companies, including major global banks, healthcare and energy companies.
CrowdStrike is what is known as an “endpoint security” company, as it uses cloud technology to apply cyber protection to devices connected to the internet.
This differs from alternative approaches used by other cyber companies, which involve applying protection directly to backend server systems.
“Many companies use [CrowdStrike software] and install it on all the machines in their organization,” Nick France, chief technology officer at IT security firm Sectigo, told CNBC’s “Squawk Box Europe” on Friday.
“So when an update happens that might have problems with it, it causes this problem when machines restart and people can’t get back to their computers.”
What happened on Friday?
On Friday, people around the world started experiencing an error screen known as the “blue screen of death.”
This issue—a common problem among PCs, for example, if a machine overheats—was the result of an update from CrowdStrike to its Falcon product.
Falcon is a company-developed platform designed to stop cyber breaches using cloud technology — it’s at the heart of the company’s focus on endpoints. CrowdStrike said Friday that it is in the process of rolling out the update globally.
CrowdStrike’s software requires deep access to a computer’s operating system to scan for threats. In the case of Friday’s outage, machines running Microsoft’s Windows operating system crashed because of a bug in the way a software update issued by CrowdStrike interacted with Windows.
“We have been made aware of an issue affecting virtual machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may experience a bug check (BSOD [blue screen of death]) and get stuck in reboot mode. The approximate impact began around 19:00 UTC on July 18,” Microsoft said in a 5:40 a.m. ET update.
“We can confirm that the affected update has been pulled by CrowdStrike. Customers who continue to experience issues should contact CrowdStrike for additional assistance,” the company added.
Satnam Narang, a senior staff researcher at Tenable, told CNBC on Friday that the outage was “very unprecedented.”
“The challenge here is that security software — because it’s doing its job to protect organizations — needs to have more privileged access to those machines,” he said.
So while people may see their IT problems as a Windows problem, “it’s not really a Windows issue, it’s related to a faulty or bad update from that security software,” Narang added.
A fix has been issued
Earlier, Microsoft said its cloud services were restored after an outage affecting Azure services and the Microsoft 365 application suite in the Central US region. A company spokesperson said these are two separate and unrelated issues — one related to Azure, the other related to CrowdStrike.
They added that they “expect that there will be a resolution” in relation to the CrowdStrike issue.
CrowdStrike is “actively working with customers affected by a flaw identified in a single content update for Windows hosts,” CEO George Kurtz said Friday in an update on social media platform X. He added that Mac and Linux hosts are not affected.
“This is not a security incident or cyber attack. The issue has been identified, isolated and a fix has been developed,” Kurtz said.
However, this fix can be difficult to implement. Andy Grayland, head of intelligence and security at threat intelligence firm Silobreaker, said that to apply a fix, engineers would have to go into every single data center running Windows.
They would then have to log in, navigate to a specific CrowdStrike file, delete it and then reboot the entire system, he said.
“Where machines are encrypted, complex encryption keys must also be entered manually. Unless Microsoft and CrowdStrike (if involved) pull something miraculous out of the bag, it could be painful to recover from.”