Crowdstricken

Crowdstricken: all about the update that took down 8.5 million Windows computers.


On July 19th, Crowdstrike, a cybersecurity company, released a faulty update that took down 8.5 million Windows computers. The update broke banks, airlines, airports, and numerous other businesses. Worse, Crowdstrike’s update was so bad that, on top of all the lost business, it required IT technicians to manually install a fix on every affected machine. And insurance isn’t covering most of those costs.

Almost immediately after the first reports of the outage, scammers were posting fake fixes and fake news.

Microsoft worked with Crowdstrike to create a fix. But the fix required IT technicians to work on each machine in person.

Why did the update stop Windows from booting?

As people got better at updating their operating systems, hackers started digging deeper into systems to attack them, going after the window before Windows has fully loaded in order to infect computers. Antivirus companies responded by digging deeper too, loading their products early in the boot process in what is called kernel mode. Crowdstrike released an update that broke the Windows boot process because its new code broke the rules of kernel mode, where a single fault crashes the whole system rather than just one program. Because it happened so early in the boot process, technicians had to manually load the fix from USB sticks before Windows would start normally.

Why didn’t they test it first?

Yes, Crowdstrike should have tested the update properly before releasing it. Instead of loading the update onto a real computer or a virtual machine, Crowdstrike relied on an automated software tester, which passed the code.

For a small business, the best practice for Windows updates is to wait a few days after Patch Tuesday (the second Tuesday of the month) before applying them. Antivirus updates, however, you want as soon as they are released. Big companies have more resources for testing all updates before rolling them out to everyone. Most big companies rolled out this update without testing because Crowdstrike classed it as a malware signature update, NOT new code in the software.
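As an added example (not Crowdstrike's or Microsoft's code), here is a ring-based rollout gate in Python that models the staged approach described above: the update goes to a few canary hosts first, and deployment stops before the next ring if they fail a post-update health check. The fleet, host names and the `health` callback are constructed for the illustration.

```python
"""Added illustration (not CrowdStrike's or Microsoft's tooling): a ring-based
rollout that pushes an update to a few canary hosts first and refuses to go
further if too many of them fail their post-update health check."""
from typing import Callable, Dict, List, Optional

Fleet = Dict[str, int]                      # host name -> ring number (0 = canary ring)
HealthCheck = Callable[[str, str], bool]    # (host, update_id) -> boots and reports in?


def staged_rollout(fleet: Fleet, update_id: str, health: HealthCheck,
                   max_fail_rate: float = 0.0) -> dict:
    """Deploy ring by ring. After each ring, measure the share of hosts that
    fail `health`; if it exceeds max_fail_rate, halt before the next ring."""
    deployed: List[str] = []
    failed: List[str] = []
    halted_at: Optional[int] = None
    for ring in sorted(set(fleet.values())):
        members = [h for h, r in fleet.items() if r == ring]
        for host in members:
            deployed.append(host)
            if not health(host, update_id):   # in practice: host never checks back in
                failed.append(host)
        ring_fail_rate = sum(1 for h in members if h in failed) / len(members)
        if ring_fail_rate > max_fail_rate:
            halted_at = ring
            break
    return {"deployed": deployed, "failed": failed, "halted_at_ring": halted_at}


# Constructed sample fleet: two canaries, three branch PCs, one server.
SAMPLE_FLEET: Fleet = {"canary-1": 0, "canary-2": 0,
                       "branch-pc-1": 1, "branch-pc-2": 1, "branch-pc-3": 1,
                       "hq-server": 2}


def bad_update_health(host: str, update_id: str) -> bool:
    # Constructed: this update stops every host from booting, so no host passes.
    return update_id != "bad-content-update"


def good_update_health(host: str, update_id: str) -> bool:
    return True


if __name__ == "__main__":
    # With the gate, only the canary ring is hit instead of the whole fleet.
    print(staged_rollout(SAMPLE_FLEET, "bad-content-update", bad_update_health))
    print(staged_rollout(SAMPLE_FLEET, "routine-update", good_update_health))
```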

But I want to blame Microsoft

It’s tempting to blame Microsoft. Why does Microsoft allow software vendors to install things that break Windows? Microsoft now says it will discourage security tools from using kernel mode drivers. Further, Microsoft has started the Microsoft Virus Initiative to work with cybersecurity vendors. After all, Microsoft is the expert on releasing untested security updates that break Windows. Could this be the year Pantone chooses the Windows blue screen as colour of the year?
