
Microsoft says less than 1% of its systems affected by CrowdStrike failure

Faltering updates plagued security firm before Friday's crash

22 July 2024

Less than 1% of all Windows machines have been affected by the failing CrowdStrike update, Microsoft announced. That still amounts to 8.5 million devices across key industries such as aviation, healthcare and banking.

The airline industry largely recovered Saturday from the outage that caused thousands of flights to be canceled.

According to Microsoft, the incident demonstrates the connectedness between global cloud providers, software platforms, security providers and other software companies. The company stated that software updates sometimes cause disruptions, but situations like the one with CrowdStrike were rare.

 


The computer failure was caused by a logic error in an update intended to detect malware attacks, CrowdStrike stated in its own analysis.

George Kurtz, CrowdStrike’s top executive, promised “full transparency” on what caused the global computer failures. He also said he was investigating what steps the company should take to prevent a recurrence.
CrowdStrike, however, has had problems with updates before, though they went largely unnoticed.

In April, a CrowdStrike update caused all Debian Linux servers at an undisclosed tech lab to crash and refuse to boot at the same time. The update turned out to be incompatible with the latest stable version of Debian, even though the specific Linux configuration was supposedly supported.

A team member involved in the incident expressed dissatisfaction with CrowdStrike’s slow response. It took them weeks to figure out the cause, which was that the Debian Linux configuration was not included in their testing programme.

CrowdStrike users also reported similar problems after upgrading to Rocky Linux 9.4, with their servers crashing because of a kernel bug. Again, CrowdStrike acknowledged that insufficient attention had been given to compatibility issues between different operating systems.

It is also not clear why CrowdStrike rolled out the update for Windows worldwide all at once and not in stages, which could have prevented many problems.

CrowdStrike seems to have hedged against this kind of incident. The terms and conditions for its Falcon security software – used by companies and government agencies around the world – limit liability to what is called ‘paid fees’. As a result, companies that file claims cannot be reimbursed for the full damages, but only what they paid to CrowdStrike.

Larger companies using CrowdStrike’s software – such as some of the affected airlines or hospital chains – may have negotiated contracts with different terms. Presumably most of the damages will be settled with cyber insurers.

However, the reputational damage will do the company no good. Shareholders are also expected to file lawsuits against the company. US stock market watchdog the Securities & Exchange Commission (SEC) is also getting involved. The company, which is publicly traded, will have to file a so-called 8-K report with the SEC in the coming days detailing what went wrong with the Falcon update.


TechCentral.ie