A major Microsoft outage sent shockwaves across the globe on Friday, July 19, grounding flights, disrupting television broadcasts, and impacting critical infrastructure.
Cybersecurity experts deemed the incident "unprecedented" in its scope, affecting some of the world's largest companies. It also affected numerous businesses and other infrastructure in other countries.
Mysterious Blue Screens Point to a Software Issue
The initial cause remained unclear as Windows computers succumbed to a blue screen of death (BSOD), abruptly ceasing function. However, as the outage unfolded throughout Friday, the culprit began to emerge.
Faulty CrowdStrike Update at the Root of the Problem
According to The Independent, the blame appears to lie with a faulty update deployed overnight by cybersecurity firm CrowdStrike. The update reportedly rendered affected computers incapable of booting properly.
While CrowdStrike has rolled back the update, it offers little relief for already affected machines. The company has provided a workaround involving a specific boot mode and manual file deletion. However, this process requires administrator access, which becomes a challenge for remotely managed systems.
CrowdStrike's Falcon Sensor Under Scrutiny
CrowdStrike acknowledged the issue, stating they are "aware of reports of crashes on Windows... relating to the Falcon sensor."
Falcon, the company's flagship software, monitors computers for potential security breaches. To achieve this, it requires deep system access. Consequently, any bugs within the software can have significant and far-reaching consequences, as witnessed by the global outage.
CrowdStrike Customer Support Offers Limited Assistance
Customers calling CrowdStrike's technical support line were met with a pre-recorded message acknowledging the issues on Friday morning. The company advises affected users to seek help via their online customer service portal.
Expert Points to Privileged Software as Cause
Dr. Toby Murray, Associate Professor at the University of Melbourne's School of Computing and Information Systems, believes a malfunctioning update to CrowdStrike's Falcon product may be the culprit.
"CrowdStrike Falcon has been linked to this widespread outage. Falcon is an Endpoint Detection and Response (EDR) platform that monitors computers for intrusions and responds accordingly. This grants Falcon a privileged position on the system, allowing it to influence behaviors of the computers it protects," Dr. Murray explains.
He further elaborates that communication will likely stop if Falcon starts to detect malware and tries to block communication with an intruder.
In this way, a widespread outage will be triggered from within Falcon. Two factors are blamed for this global problem: Falcon's extensive deployment and its privileged access to system functions.
In other news, Inquirer reports that the Microsoft outage also hit the IT operations of the Paris Olympics. On the other hand, Splash247 writes that shipping companies also fell victim to this abrupt downtime.