The Microsoft-CrowdStrike outage has been the talk of the town for the last couple of days. This might be a good opportunity to present an objective look at this case study.

WHAT IS CROWDSTRIKE?

CrowdStrike is a cybersecurity firm whose software protects most Windows-based systems. Its Falcon Sensor software, the root cause of this havoc, is supposed to protect those systems from cyberattacks.

The defect caused many systems to display the infamous and dreaded “BSOD” (Blue Screen of Death), an error screen that halts all operations on the affected system and can even lead to data loss.

The outage has had a global impact, affecting various platforms such as Microsoft 365, Azure, Amazon Web Services, and even social media sites like Instagram and eBay. Downdetector, which tracks online service outages, shows significant disruptions across these services.

The issue grounded flights from airlines including Delta, United, and American Airlines in the U.S., as well as IndiGo in India. Sky News experienced difficulties broadcasting live, and some supermarkets faced payment processing issues, leaving customers unable to complete purchases.

According to George Kurtz, CEO of CrowdStrike, the issue was caused by a defect in a single content update for Windows hosts. In a post on X (formerly Twitter), he wrote: “This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed.”

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has alerted the public that cybercriminals are exploiting the recent Microsoft outage to conduct phishing attacks and other forms of malicious activity. In response to the situation, Microsoft Chairman and CEO Satya Nadella announced that the company is actively working to restore global systems securely.

But there is a more important question: why weren’t all Windows systems affected?

The disruption was primarily linked to a conflict between Microsoft’s software and CrowdStrike’s Falcon Sensor endpoint protection. Nanda Kishore, a cybersecurity researcher, spoke to Mathrubhumi English and explained, “The outage affects computers running the Falcon Sensor due to a conflict with Microsoft’s agent. It is not a Microsoft-created issue but rather one stemming from CrowdStrike.”

Not all computers using Microsoft services were impacted. Kishore clarified, “The outage does not affect all Microsoft systems. It is specifically the systems with CrowdStrike’s Falcon Sensor that are experiencing issues. Systems without this particular security software remain unaffected.” This distinction explains why only a subset of computers faced disruptions.

The worst affected were prominent airlines (SpiceJet, IndiGo, American Airlines and Delta), financial institutions (JPMorgan Chase, Commonwealth Bank), hospitals, some media channels and other emergency services.

This outage is a stark reminder of how a seemingly insignificant bug, if neglected, can lead to disastrous results.