CrowdStrike Update Failure Affected Millions of Windows Computers Worldwide
At the end of this week, a major outage occurred on computers running Microsoft Windows that had CrowdStrike security software installed. The update of this software caused widespread failures, affecting around 8.5 million PCs worldwide. However, Microsoft stated that this represents less than 1% of all functioning Windows systems.
Microsoft published data on the scale of the incident in its blog. According to the company’s assessment, the outage caused by the failed CrowdStrike Falcon update affected computers in different countries, but the total number of impacted devices accounted for less than 1% of all Windows systems.
Despite this, David Weston, Vice President of Enterprise and OS Security at Microsoft, noted: “Although the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services.”
“This incident demonstrates the interconnected nature of our broad ecosystem — global cloud providers, software platforms, security vendors and other software providers. It also reminds us how important safe software deployment and disaster recovery are, using reliable mechanisms,” a Microsoft representative added.
According to Microsoft, CrowdStrike has already provided a scalable fix to help restore the operation of Amazon’s cloud infrastructure. Microsoft is also working with Amazon and Google to identify the best ways to address the consequences of the incident.
In addition, hundreds of Microsoft technical support specialists are helping eliminate the impact across customer infrastructures, while internal specialists at affected companies are receiving urgent recovery instructions.
Information security experts note that the wide publicity around the incident has attracted the attention of attackers attempting to gain access to the infrastructures of affected companies by posing as CrowdStrike or Microsoft technical consultants.
According to some estimates, because CrowdStrike update files may need to be removed manually from computers, full infrastructure recovery in some affected companies may take from several days to several weeks.
At the end of this week, a major outage occurred on computers running Microsoft Windows that had CrowdStrike security software installed. The update of this software caused widespread failures, affecting around 8.5 million PCs worldwide. However, Microsoft stated that this represents less than 1% of all functioning Windows systems.
Microsoft published data on the scale of the incident in its blog. According to the company’s assessment, the outage caused by the failed CrowdStrike Falcon update affected computers in different countries, but the total number of impacted devices accounted for less than 1% of all Windows systems.
Despite this, David Weston, Vice President of Enterprise and OS Security at Microsoft, noted: “Although the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services.”
“This incident demonstrates the interconnected nature of our broad ecosystem — global cloud providers, software platforms, security vendors and other software providers. It also reminds us how important safe software deployment and disaster recovery are, using reliable mechanisms,” a Microsoft representative added.
According to Microsoft, CrowdStrike has already provided a scalable fix to help restore the operation of Amazon’s cloud infrastructure. Microsoft is also working with Amazon and Google to identify the best ways to address the consequences of the incident.
In addition, hundreds of Microsoft technical support specialists are helping eliminate the impact across customer infrastructures, while internal specialists at affected companies are receiving urgent recovery instructions.
Information security experts note that the wide publicity around the incident has attracted the attention of attackers attempting to gain access to the infrastructures of affected companies by posing as CrowdStrike or Microsoft technical consultants.
According to some estimates, because CrowdStrike update files may need to be removed manually from computers, full infrastructure recovery in some affected companies may take from several days to several weeks.