A faulty update from CrowdStrike to its Falcon endpoint protection service impacted IT systems worldwide dependent on Microsoft Windows machines.
The outage, which has been described at the largest global IT outage to worldwide, led to the severe disruption of businesses, government functions, and health services.
Details
- Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor.
- Windows hosts which have not been impacted do not require any action as the problematic channel file has been reverted.
- Windows hosts which are brought online after 0527 UTC will also not be impacted
- Hosts running Windows 7/2008 R2 are not impacted
- This issue is not impacting Mac- or Linux-based hosts
- Channel file “C-00000291*.sys” with timestamp of 0527 UTC or later is the reverted (good) version.
- Channel file “C-00000291*.sys” with timestamp of 0409 UTC is the problematic version.
Workaround instructions: https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/
Statement from George Kurtz, CEO of CrowdStrike
“CrowdStrike is actively assisting customers affected by a defect identified in a recent content update for Windows hosts. This issue does not impact Mac or Linux hosts and is not related to a security incident or cyberattack. We have identified and isolated the problem, and a fix has been deployed. We advise customers to check the support portal for the latest updates and to continue monitoring our website for comprehensive and ongoing information. We also recommend that organizations communicate with CrowdStrike representatives through official channels to ensure they receive accurate information. Our team is fully mobilized to guarantee the security and stability of our customers’ systems.”
Statement from Microsoft
“We’re working around the clock and providing ongoing updates and support. Additionally, CrowdStrike has helped us develop a scalable solution that will help Microsoft’s Azure infrastructure accelerate a fix for CrowdStrike’s faulty update. We have also worked with both AWS and GCP to collaborate on the most effective approaches.
While software updates may occasionally cause disturbances, significant incidents like the CrowdStrike event are infrequent. We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices, or less than one percent of all Windows machines. While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services.
This incident demonstrates the interconnected nature of our broad ecosystem — global cloud providers, software platforms, security vendors and other software vendors, and customers. It’s also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist. As we’ve seen over the last two days, we learn, recover and move forward most effectively when we collaborate and work together. We appreciate the cooperation and collaboration of our entire sector, and we will continue to update with learnings and next steps.”
Background Information About CrowdStrike
CrowdStrike was founded in 2011 by George Kurtz, Dimitri Aliev, and Glenn Gerber, with headquarters in Austin, Texas and major office in Sunnyvale, California.
Major Revenue-Producing Services
CrowdStrike’s major revenue-producing services include:
1. Falcon endpoint protection: A cloud-native endpoint security solution that provides real-time threat detection and response.
2. Falcon Intelligence: A threat intelligence platform that provides customers with insights into emerging threats and attack trends.
3. CrowdStrike Services: A team of security experts who provide incident response, threat hunting, and security consulting services to customers.
4. Cloud Security: A cloud-based security solution that provides customers with secure access to cloud-based applications and data.
CEO and Background
George Kurtz is the CEO of CrowdStrike. He has over 30 years of experience in the technology industry, with a focus on cybersecurity. Prior to founding CrowdStrike, Kurtz was the CEO of Foundstone, a leading provider of security services, which was acquired by McAfee in 2006.
Financial Performance
CrowdStrike has experienced rapid growth in recent years, driven by the increasing demand for advanced cybersecurity solutions. Here are some highlights from their financial performance:
- In 2023, Crowdstrike’s revenue was $3.1B.
- In 2022, Crowdstrike’s revenue was $2.2B.
Major Clients and Partners:
- CrowdStrike has a diverse customer base across various industries, including:
- Government agencies: The US Department of Defense, the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI).
- Fortune 500 companies such as Microsoft, Uber, and Netflix.
- Healthcare providers: Organizations such as the Stanford Health Care System and the University of California, San Francisco (UCSF) Medical Center.
Some of CrowdStrike’s notable partnerships include:
- Microsoft: A strategic partnership to integrate CrowdStrike’s Falcon endpoint protection with Microsoft’s Azure Active Directory.
- IBM: A partnership to integrate CrowdStrike’s Falcon endpoint protection with IBM’s Watson for Cybersecurity platform.
- NVIDIA: A partnership to combine CrowdStrike’s threat intelligence with NVIDIA’s graphics processing unit (GPU) technology for AI-powered threat detection.