Photo caption: CrowdStrike Inc. co-founder and CEO George Kurtz speaks at the Montgomery Summit in Santa Monica, California. (Patrick T. Fallon | Bloomberg | Getty Images)
A glitch in an update released by cybersecurity firm CrowdStrike on Friday caused a cascading effect on IT systems around the world, with industries from banks to airlines facing service outages.
As businesses around the world grapple with the ongoing outages, services at banks and healthcare providers have been disrupted and television broadcasters have been crippled. Air travel has also been hit hard, with planes grounded and services delayed.
At the heart of the problem is Texas-based cybersecurity vendor CrowdStrike. On Friday, the cybersecurity company suffered significant disruption after a problem with one of its software updates.
So what exactly happened? CNBC takes a look.
What is CrowdStrike?
CrowdStrike is a cybersecurity vendor that develops software to help companies detect and block hacker attacks. It is used by many of the world’s Fortune 500 companies, including major global banks, healthcare and energy companies.
CrowdStrike is a so-called “endpoint security” company because it uses cloud technology to apply network protection to devices connected to the Internet.
This differs from the alternative approach used by other web companies, which involves applying protection directly to back-end server systems.
“A lot of companies are using (CrowdStrike software) and installing it on all the machines in their organization,” Nick France, chief technology officer of IT security company Sectigo, told CNBC’s “Squawk Box Europe” on Friday.
“So when a potentially problematic update occurs, it causes the machine to reboot and people are unable to return to their computer.”
What happened on Friday?
On Friday, people around the world began encountering an error screen known as the “Blue Screen of Death.”
This error is a common occurrence on computers, for example when a machine overheats, but in this case it was the result of an update from cybersecurity company CrowdStrike to its Falcon product.
Falcon is a platform the company developed to stop cyber breaches using cloud technology – and is at the heart of the company’s focus on endpoints. CrowdStrike said on Friday it was rolling back the update globally.
CrowdStrike’s software requires deep access to a computer’s operating system to scan for threats. During Friday’s outage, machines running Microsoft’s Windows operating system crashed due to a glitch in the way a software update released by CrowdStrike interacted with Windows.
“We are aware of an issue affecting virtual machines running Windows Client and Windows Server running the CrowdStrike Falcon agent that may experience a bug check (BSOD, Blue Screen of Death) and get stuck in a reboot state. We estimate the impact began on July 18 at approximately 19:00 UTC,” Microsoft said in an update at 5:40 a.m. ET.
“We can confirm that CrowdStrike has withdrawn the affected updates. Customers who continue to experience issues should contact CrowdStrike for additional assistance,” the company added.
Tenable senior researcher Satnam Narang told CNBC on Friday that the outage was “unprecedented.”
“The challenge here is that the security software – because it’s doing its job of protecting the organization – it has to have more privileged access to these machines,” he said.
So while people may think of IT problems as Windows problems, “it’s not really a Windows problem, it’s about bugs or incorrect updates to these security software,” Narang added.
Fix released
Earlier, Microsoft said its cloud services were recovering after an outage that affected Azure services and the Microsoft 365 suite of applications in the Central US region. A company spokesperson said these are two separate and unrelated issues – one with Azure and the other with CrowdStrike.
They added that they “expect to reach a resolution on the CrowdStrike issue soon.”
CrowdStrike CEO George Kurtz said in an update to social media platform .
“This is not a security incident or cyber attack. The issue has been identified, isolated and a fix has been deployed,” Kurtz said.
However, this fix may be difficult to implement. Andy Grayland, director of information and security at threat intelligence company Silobreaker, said that in order to implement the fix, engineers had to access the data center where each affected Windows machine is running.
He said they then had to log in, navigate to a CrowdStrike file, delete it, and then reboot the entire system.
“With machines encrypted, complex encryption keys also need to be entered manually. Unless Microsoft and CrowdStrike (if they are involved) pull a miracle out of the bag, recovery could be a pain.”