
CrowdStrike in a nutshell: how a faulty software update took down millions of Windows PCs

A software update by cybersecurity company CrowdStrike was responsible for taking down millions of Windows PCs, some of them in critical industries.

Last Friday, reports started to come in from companies and organizations around the world that were experiencing computer issues.

This incident affected airports, TV stations, air traffic control systems, banks, ticket purchase systems, retailers, and systems of other companies and organizations. Flights could not take off, flight tickets could not get printed, TV broadcasters went offline, hospitals and banks were affected, and numerous other industries experienced service interruptions.

The initial fear of a worldwide cyberattack turned out to be unfounded. Instead, security analysts and administrators from all over the world suggested that the issue was caused by a faulty update of security software developed and maintained by CrowdStrike.

What is CrowdStrike?

CrowdStrike is a Texas-based cybersecurity company that develops security products. It is a market leader for endpoint security products and many Fortune 500 companies and other organizations use CrowdStrike products for security.

The company's Falcon security product is an Endpoint Detection and Response (EDR) security software for devices. Updates are delivered via so-called channel files, which are pushed to connected devices automatically.

What happened on Friday and on the weekend?

Cybersecurity company CrowdStrike released a security update on Friday that auto-installed on millions of Windows PCs. The update was faulty and caused blue screen errors on the PCs it was installed on.


While Windows PCs were affected, the issue itself was not caused by Microsoft or Windows.

Administrators could not restore access to the devices easily, which meant that critical systems remained offline. As of the time of writing, some systems are still offline.

Workarounds were published quickly, for instance on Reddit and other forums. Microsoft published guidance on Saturday; CrowdStrike had already done so on Friday. There is also a long technical post that provides answers to common issues.

Microsoft said on Saturday that 8.5 million Windows PCs were taken offline because of the security update. It also said that this affected less than 1 percent of the entire Windows population.

However, CrowdStrike solutions are not available to home users and small businesses. Percentage-wise, this makes the incident much larger than the 1 percent figure suggests, since only enterprise customers could have been running the company's security solutions in the first place.

Microsoft published a recovery tool on Saturday that admins could run to recover the system either from WinPE or safe mode.

On BitLocker-enabled machines, it is also necessary to enter the BitLocker recovery key, according to the posted instructions. This Microsoft support page may be helpful for finding out where to look it up.

How could this happen?

CrowdStrike has not published a full account of the incident. The big question on everyone's mind, and especially on the minds of system administrators who spent many hours on Friday and possibly the weekend resolving the issue, is: how could this happen?

How could CrowdStrike release an update that was obviously faulty? How did CrowdStrike test the update before its release? How could it land automatically on more than 8 million PCs before its distribution was stopped?

These questions have not been answered by CrowdStrike up to this point.

What about you? Were you affected by CrowdStrike, e.g., as an administrator who had to repair affected Windows PCs?

Thank you for being a Ghacks reader. The post CrowdStrike in a nutshell: how a faulty software update took down millions of Windows PCs appeared first on gHacks Technology News.
