Microsoft-CrowdStrike’s Outage Heralds 'Increased Vulnerabilities' Period
This story was updated on Monday, July 22 at 4:35 ET.
A massive system outage disrupted systems around the world, grounding flights, disrupting health care, transport and logistics, banking services and critical infrastructure.
The issue hit computers running the Microsoft Windows operating system and CrowdStrike software.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” the company said in a release.
"We’re working around the clock and providing ongoing updates and support. Additionally, CrowdStrike has helped us develop a scalable solution that will help Microsoft’s Azure infrastructure accelerate a fix for CrowdStrike’s faulty update," Microsoft said in a blog post authored by David Weston, vice president, Enterprise and OS Security.
The outage was limited to computers running Microsoft’s operating system.
Machines running Mac and Linux system software have not been affected, according to CrowdStrike.
Brandon Hart, chief technology officer at Everything Blockchain, summarized the situation in three points in an email to SIGNAL Media:
- Operational disruptions: Data centers may face significant downtime, impacting service availability and reliability due to the [blue screen of death] issues.
- Security concerns: The reliance on CrowdStrike for endpoint protection may lead to increased vulnerabilities until all systems are patched.
- Resource allocation: Data centers might need to reallocate resources to manage these outages, affecting other planned activities.
Hart’s last points stand as a warning for the near future.
“While teams scramble to restore operations by any means necessary, they are prioritizing uptime of operations versus security, so they might be inadvertently creating more loopholes, more misconfigurations and basically more vulnerabilities that can be taken advantage of,” said Nadir Izrael, chief technology officer and co-founder of Armis, a cybersecurity company.
Meanwhile, cellphones were not affected.
“Mobile devices aren’t really at any threat,” said Justin Endres, chief revenue officer, Seclore. And geographic impact does not seem to have been uniform.
“North America is seeing only a fraction of what Asia is seeing right now,” Endres told SIGNAL Media in an email.

While many details and a timeline are still unclear, some experts have tried to explain what could have been the cause of the incident.
“This appears to have been a failure of process and [quality assurance], releasing something that was incorrect, perhaps driven by intense market pressures in the vendor race to have the best and greatest features, or in response to the evolving threat landscape and increased need for detection,” said Guy Golan, CEO and executive chairman of cybersecurity firm Performanta.
Another expert pointed toward a “perfect storm” where both companies should share the blame equally.
“Microsoft’s archaic directory structure and architecture is as much to blame for this global outage as CrowdStrike’s actions were,” said Richard Bird, chief security officer at Traceable, a cybersecurity company.
“Technologists have been fighting the negative consequence of this folder-based system for decades, and Microsoft has done little to mitigate the risks that one day that structure would result in an incident just like this,” Bird explained.
Meanwhile, the U.S. Department of Defense (DoD) has neither confirmed nor denied a disruption in operations.
"DoD is aware of the reporting, and personnel are monitoring our networks for possible impacts. For operational security reasons, we do not comment on the status of our network operations, information systems or operations to assess cyber threats," a DoD spokesperson told SIGNAL Media in an email.
According to one expert, this issue does not seem to be a supply chain attack. Still, William MacMillan, chief product officer at Andesite, stressed the breadth and depth of Friday’s disruption.
“The widespread outages across the globe are another reminder of how far-reaching a single attack on a major company could be in today’s highly complex technology ecosystem,” MacMillan said.
Kimberly Underwood contributed to this report.