CrowdStrike Outage What Happened - [Explained]

What Really Happened? The CrowdStrike Outage Explained

By Dan Callahan  •  July 20, 2024  •  2148 Views

Today, the world witnessed one of the most significant cybersecurity outages in recent history. CrowdStrike, a leading provider of cybersecurity solutions, experienced a massive outage that rippled across the globe, affecting countless businesses and individuals. In this blog post, we will delve into the details of the CrowdStrike outage: what happened, the immediate impact, and the broader implications for the cybersecurity landscape.

CrowdStrike Outage What Happened?

Early this morning, reports began to surface about widespread issues with CrowdStrike’s services. Users around the world found themselves unable to access crucial cybersecurity tools, leaving their systems vulnerable. As the day progressed, it became clear that this was not a localized issue but a global outage affecting not just CrowdStrike customers, but Windows computers across multiple regions and industries including airlines, banks, shops, and broadcasters. Microsoft said it had fixed the issue, but problems persist, and blue error screens have been appearing on public screens across the U.S. and beyond.

Crowdstrike Outage – What Went Wrong?

Initial investigations suggest that the CrowdStrike outage was caused by a critical failure in CrowdStrike’s infrastructure. Here is a summary of the incident. CrowdStrike pushed a software update for its Falcon product that contained a bug that caused Windows computers with Falcon to crash. (It did not help that Microsoft Azure experienced an outage at the same time, but the two events are not connected.)

CrowdStrike CEO George Kurtz, said:

“The system was sent an update, and that update had a software bug in it and caused an issue with the Microsoft operating system.”

The CrowdStrike outage affected more than CrowdStrike. It caused Windows computers running Falcon to crash, hampering, or stopping the business processes running on those computers.

The Immediate Impact

The CrowdStrike outage had immediate and far-reaching consequences. Many businesses rely on CrowdStrike for real-time threat detection and mitigation. Without access to these critical services, they were left exposed to potential cyber threats. Key impacts included:

  • Operational Disruptions: Companies experienced significant operational disruptions as they scrambled to secure their networks without CrowdStrike’s tools.
  • Financial Losses: The downtime resulted in financial losses due to halted operations, missed transactions, and emergency response measures.
  • Reputation Damage: Trust in CrowdStrike’s reliability took a hit, raising questions about the resilience of even the most reputable cybersecurity providers.

Crowdstrike Outage – The Resolution

CrowdStrike’s response to the outage has been swift. The company’s incident response team worked around the clock to identify the root cause of the CrowdStrike outage and restore services. Here are the steps they took:

  1. Immediate Isolation: Affected servers were isolated to prevent the spread of the issue.
  2. Root Cause Analysis: Teams conducted a thorough root cause analysis to identify the problem.
  3. Communication: CrowdStrike maintained open lines of communication with their customers, providing regular updates and guidance.
  4. Service Restoration: Efforts to restore services were prioritized, with critical sectors receiving immediate attention.
  5. Post-Incident Review: A comprehensive post-incident review was initiated to learn from the event and strengthen defenses.

Kurtz stated that while some customers would see their computers fixed automatically, others would require manual work to fix.

CrowdStrike’s threat-hunting operations director said the fix involves booting Windows into Safe Mode or the Windows Recovery Environment (Windows RE), deleting the file “C-00000291*.sys” and then restarting the machine.

Lessons Learned

The CrowdStrike outage underscores several important lessons for the cybersecurity community:

  1. Resilience and Redundancy: Even the most robust systems need layers of redundancy and resilience to withstand unexpected failures.
  2. Proactive Monitoring: Continuous monitoring and rapid response capabilities are crucial to mitigating the impact of outages.
  3. Transparent Communication: Clear and transparent communication during a crisis helps maintain trust and guide affected parties.
  4. Collaborative Defense: Cybersecurity is a collaborative effort. Businesses must work together with their providers to ensure comprehensive protection.

Looking Ahead

As services return to normal, the focus shifts to preventing future incidents. CrowdStrike has pledged to conduct a thorough review of their systems and processes to enhance their resilience. For businesses, the CrowdStrike outage is a stark reminder of the importance of having robust contingency plans and diversifying their cybersecurity strategies.

The CrowdStrike outage serves as a wake-up call for the entire cybersecurity industry. It highlights the need for continuous innovation, vigilant monitoring, and collaborative defense mechanisms to protect against the ever-evolving landscape of cyber threats.

While today’s events were disruptive, they also offer an opportunity to learn and strengthen our defenses. As we navigate the aftermath of this outage, let us remain vigilant and committed to safeguarding our digital world. We at Netwoven look back at articles like this one to learn what organizations should be doing when incidents like this occur in the future.

Cyber Security Company

Streamline Your Security

Ready to seamlessly transition from CrowdStrike to Microsoft Defender XDR? Join our expert-led 1-day workshop and unlock a smoother migration experience. Reserve your spot today and elevate your security operations effortlessly.

Dan Callahan

Dan Callahan

Dan Callahan is an Engagement Manager in Netwoven’s Cloud Infrastructure and Security practice. Dan is responsible for interfacing with Netwoven customers and internal delivery teams to execute projects on time, on budget, and with excellent customer service. Dan brings over 20 years of experience in the Information Technology field with 10 years in Microsoft technologies. He has experience in multiple business verticals such as healthcare, finance, manufacturing, and nonprofits. Dan previously worked at CGNET, where he created its cloud services and cybersecurity practices. Dan has been a featured speaker on cybersecurity at numerous conferences and webinars. Prior to CGNET, Dan held Director- and VP-level positions at iPass, SOMA Networks, Daintree Networks, and YouSendIt. Dan has more than 20 years of experience in the broadband, networking, energy management, mobility, and cloud-based services industries. Dan holds a B.A. in Anthropology from Stanford University and an M.S. in Management from the MIT Sloan School of Management. When he is not helping customers, Dan likes to spend time on woodworking, vegetable gardening, travel, doting on his grandchildren, and cooking.

Leave a comment

Your email address will not be published. Required fields are marked *

Dublin Chamber of Commerce
Microsoft Partner
Microsoft Partner
Microsoft Partner
Microsoft Partner
Microsoft Partner
Microsoft Partner
Microsoft Fast Track
Microsoft Partner
Microsoft Fabric
MISA
MISA
Unravel The Complex
Stay Connected

Subscribe and receive the latest insights

Netwoven Inc. - Microsoft Solutions Partner

Get involved by tagging Netwoven experiences using our official hashtag #UnravelTheComplex