A ‘blue screen of death loop’: How a Crowdstrike update crashed Microsoft systems around the world

US cybersecurity company Crowdstrike has experienced major technical issues, affecting online servers worldwide, disrupting many airports, railways, telecoms companies, media organisations and the NHS.

But what is Crowdstrike, and how has it caused a global IT outage?

What is Crowdstrike?

While the exact cause of the outage remains unclear, widespread disruptions to Microsoft Windows systems are believed to be due to a faulty update to Crowdstrike, a well-known anti-malware tool used by businesses, governments, and other organisations worldwide.

The Texas-based firm specialises in protecting computers and data from cyberattacks.

Crowdstrike Falcon, the company’s flagship product and the reported source of today’s tech crash, acts like an antivirus, using artificial intelligence and machine learning to detect and prevent threats.

It also provides threat intelligence, incident response services, and cloud protection to help clients defend themselves against and recover quickly from cyber attacks.

So, what triggered the Microsoft crash?

From what is known so far, an update to Crowdstrike’s software has triggered a ‘blue screen of death’ loop on affected Microsoft Windows machines, causing them to boot and crash repeatedly.

An automatic overnight installation of the update on multiple Windows systems has exacerbated the issue.

“It’s definitely a supply chain style incident,” explained Ilkka Turunen, chief technology officer at software company Sonatype. “What it shows is that one popular vendor botching an update can have a huge impact on its customers and how far a single well-orchestrated update can spread in a single night.

“It’s not yet clear if the contents were due to malicious reasons, but it shows how quickly targeted attacks on popular vendors could spread,” Turunen added.

A Microsoft spokesperson said: “We are aware of an issue affecting a subset of customers. We acknowledge the impact this can have on customers, and we are working to restore services for those still experiencing disruptions as quickly as possible.”

Crowdstrike, which was not immediately available for comment, has said the cause is currently under investigation.

Jake Moore, global cybersecurity advisor at ESET, said one aspect of the incident is due to a lack of diversity in the use of large-scale IT infrastructure. He said: “This applies to critical systems like operating systems (OSes), cybersecurity products and other globally deployed (scaled) applications.

“Where diversity is low, a single technical incident, not to mention a security issue, can lead to global-scale outages with subsequent knock-on effects.”
