Risk & Repeat: Faulty CrowdStrike update causes global outage

A faulty CrowdStrike channel file update last week disrupted millions of Windows devices as well as countless organizations and services in what has become one of the most high-profile security events of recent memory.

The global outage began last Friday when CrowdStrike released a defective sensor configuration update for its Falcon platform that caused Windows devices to crash and enter reboot loops. Microsoft said only 8.5 million Windows devices were affected by the error -- less than 1% of the total. But organizations including airlines, hospitals and more suffered major service disruptions.

Although CrowdStrike responded quickly -- with assistance from Microsoft -- troubleshooting and recovery options were somewhat complicated because they required manual application. Over the weekend Microsoft released a free USB recovery tool. Both CrowdStrike and Microsoft provided a number of remediation techniques to facilitate the process.

However, despite these efforts and CrowdStrike saying this week that a "significant number" of affected devices have been restored, the recovery process is ongoing as CrowdStrike investigates the root cause of the incident.

Editor's note: This podcast was recorded before CrowdStrike published its preliminary Post Incident Review report Wednesday, which revealed that a bug in the Content Validator of the Falcon platform allowed the defective channel file update to pass validation checks before it was sent to customers. CrowdStrike said its full investigation results will be released in a forthcoming root cause analysis report.

On this episode of the Risk & Repeat podcast, TechTarget editors Rob Wright, Alex Culafi and Arielle Waldman discussed last week's outage as well as CrowdStrike's response.

This article was updated on 7/24/24.

Subscribe to Risk & Repeat on Apple Podcasts.

Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.