CrowdStrike or Microsoft: Who's to Blame for Global IT Outage?
One cyber executive puts the blame on CrowdStrike, while another blames Microsoft.
Businesses on Friday afternoon (Eastern time) were still recovering from a global IT outage caused by a CrowdStrike update that impacted airports, banks, hospitals, retailers and more.
The CrowdStrike update caused computers across the globe to crash and display what's commonly referred to as the "blue screen of death." The unprecedented outage knocked Microsoft users offline across continents.
CrowdStrike sent us this statement:
“Today was not a security or cyber incident. Our customers remain fully protected. We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on. As noted earlier, the issue has been identified and a fix has been deployed. There was an issue with a Falcon content update for Windows Hosts.”
The outage did not impact Mac and Linux hosts, CrowdStrike said.
CrowdStrike is continuing to update its blog about the IT outage.
Microsoft told CNBC its cloud services were restored after the global IT outage. We couldn't reach Microsoft for additional details.
Never Release On Friday
Kaspersky, which is shutting down its U.S. operations due to a ban on its software, released a blog on the outage, saying: “Ever heard the unspoken rule: 'Never release on Friday'? We have, but CrowdStrike hasn’t. They released a tiny driver on an ordinary Friday morning, which became the cause of a huge outage all over the world. Various medical centers, chain stores, the New York subway, the largest bank in South Africa and many other organizations that make lives more comfortable and convenient on a daily basis were affected.”
Agnidipta Sarkar, ColorTokens’ vice president of CISO advisory, said the most important comments he’s hearing are from those who are monitoring the dark web.
“Allegedly bad actors are preparing to attack as people recover, because they would be most vulnerable then,” he said.
“We know that adversaries and bad actors will try to exploit events like this,” said George Kurtz, CrowdStrike's founder and CEO. “I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives.”
Callie Guenther, Critical Start’s senior manager of cyber threat research, said the CrowdStrike outage can be compared to the Microsoft Windows 10 October 2018 Update incident.
“The Microsoft update caused file deletions and system instability, impacting users globally and leading to a halted rollout and extensive remediation efforts,” she said. “Microsoft faced reputational damage and customer trust issues, which required substantial recovery efforts, including data restoration. Similarly, CrowdStrike is likely to experience reputational damage, customer trust challenges and significant recovery efforts due to the recent outage. The full impact on CrowdStrike will depend on their incident response and communication effectiveness with affected customers. Both incidents underscore the critical importance of rigorous testing for software updates and the challenges in managing widespread disruptions post-deployment.”
CrowdStrike Did ‘Poor Job’ Executing Update
Peter Avery, vice president of security and compliance at Visual Edge IT, a managed security services provider, said CrowdStrike did a “poor job” of executing an update.
“They should have tested this,” he said. “It should have been tested in sandboxes, in many environments before it goes out. I chose not to use CrowdStrike in my organization because I saw how their update system worked, and some of the redundancies that are good to have and back-end systems that I didn't see. But the bigger picture is how fragile the world really is. All of these companies should have an incident response plan in place. The local 7-11 [where] you go to pick up your morning coffee before you go to work, they can't conduct business. Speedway, the organization that provides gas to people driving to work, can't give gas. And many hospitals are down. If you're flying today, it's a bad thing for you. Some people are stuck on the tarmac waiting for clearance to go, and they're unable to eat or get off the plane. And it’s not just a cyber or technical issue. There [are] a ton of different phenomena that can cause an outage, like solar flares that can take out our communications and electronics.”
Microsoft, Not CrowdStrike, to Blame For Global IT Outage
On the other hand, J.J. Guy, CEO of Sevco Security, an asset intelligence provider, blames Microsoft, not CrowdStrike, for the global IT outage.
“Yes, CrowdStrike pushed a kernel-level update that causes widespread blue screens,” he said. “Yes, that should have been caught during quality assurance (QA) and I'm sure we will get an after-action report that details why release procedures didn't catch it. But software bugs happen. They are unavoidable, even for top-tier shops like CrowdStrike. This is a high-impact incident not because there was a blue screen, but because it causes repeated blue screens on reboot and [appears as of right now] to require manual, command-line intervention on each box to remediate (and even harder if BitLocker is enabled). That is the result of poor resiliency in the Microsoft Windows operating system. Any software causing repeated failures on boot should not be automatically reloaded. We've got to stop crucifying CrowdStrike for one bug, when it is the OS's behavior that is causing the repeated, systemic failures.”