CrowdStrike's faulty update affected 8.5m Windows devices globally, Microsoft reveals
The update caused global disruption

Jul 21, 2024
10:34 am

What's the story

The worldwide tech disruption, triggered by a faulty update from cybersecurity firm CrowdStrike, has affected 8.5 million Windows devices, according to Microsoft. Despite representing "less than one percent of all Windows machines," the impact was substantial enough to interrupt operations across various industries, including retail, banking, and airlines. Separately, a technical breakdown released by CrowdStrike on Friday explained what happened and why so many systems were affected simultaneously.

Technical breakdown

Faulty update triggers system crash, blue screen

Per CrowdStrike, the issue originated from a type of configuration file known as "Channel Files," which are integral to the Falcon sensor's behavioral protection mechanisms. CrowdStrike says the file was not a kernel driver but was responsible for "how Falcon evaluates named pipe execution on Windows systems." The problem surfaced when a sensor configuration update triggered a logic error, resulting in a system crash. The affected devices were those running Falcon sensor for Windows version 7.11 and above that downloaded the updated configuration.

Joint effort

Tech giants collaborate to fix issue

Security researcher Patrick Wardle noted that CrowdStrike's channel file updates were pushed to computers, regardless of any settings meant to prevent such automatic updates. Microsoft's VP of Enterprise and OS Security, David Weston, stated in a blog post that Microsoft is working with CrowdStrike to develop a scalable solution. This collaboration aims to aid Microsoft's Azure infrastructure in accelerating a fix for the faulty update. Assistance has also been sought from Amazon Web Services (AWS) and Google Cloud Platform (GCP).

Misdirected update

The update was aimed at new cyberattack techniques

CrowdStrike explained that the sensor configuration update was designed to target newly observed malicious named pipes used by common C2 frameworks in cyberattacks. However, it instead triggered an operating system crash on Windows devices running Falcon sensor version 7.11 and above. Microsoft emphasized the interconnected nature of the tech ecosystem and the importance of operating with safe deployment and disaster recovery mechanisms.