Microsoft / CrowdStrike: Who is responsible for global IT outage?

Is Microsoft or CrowdStrike to blame for the global IT outage of Windows-based systems?! Take a look at the viral claims, and find out what the facts really are!

 

Claim : Microsoft Is Responsible For Global IT Outage, Not CrowdStrike!

On Friday, 19 July 2024, a day that will live in digital infamy, businesses and organisations worldwide were hit by an IT outage on their Windows-based systems. Inevitably, some people are blaming Microsoft for this debacle…

Circulating on WhatsApp : Very interesting to see how the media is playing down on the disaster.

Question remains “Not sure how Microsoft is going to roll back the update or to install the patch as affected PCs have locked themselves out.”


Truth : CrowdStrike, Not Microsoft, Is Responsible For Global IT Outage!

This appears to be a complete misunderstanding of the global IT outage, which is happening only to systems and cloud services based on Microsoft Windows, and here are the reasons why…

Fact #1 : Global IT Outage Caused By CrowdStrike, Not Microsoft

Let me start by simply pointing out that the global IT outage that started on Friday, 19 July 2024, was caused by CrowdStrike, not Microsoft.

Soon after the outage occurred, CrowdStrike announced, more than once, that it was caused by a bug in an update to its Falcon threat detection system.

The IT outage notably did not affect all Microsoft customers and users, only those who purchased and installed CrowdStrike Falcon, which is an “endpoint detection and response” software. This kind of software is designed for large organisations, and that is why this global IT outage is mainly affecting those organisations.

The scale is massive, because CrowdStrike is a leading provider of Endpoint Detection and Response (EDR) software. However, home users and small business users are not affected, because they rely on the built-in Windows Defender software, or consumer-grade software from the likes of Norton and McAfee.

Blaming Microsoft for the buggy update that CrowdStrike issued would be like blaming BMW for defective third-party tyres that leak air, and asking the automotive company to replace or fix those tyres.

Fact #2 : Microsoft Denies Responsibility For Global IT Outage

A Microsoft spokesperson has officially denied responsibility for the global IT outage caused by the CrowdStrike update:

CrowdStrike update was responsible for bringing down a number of IT systems globally. Microsoft does not have oversight into updates that CrowdStrike makes in its systems.


Fact #3 : Global IT Outage Caused By Bug In CrowdStrike Update

As CrowdStrike explained, more than once, the infamous Windows Blue Screen of Death (BSOD) was caused by a bug in an update meant for Windows-based systems.

The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack.

We are working closely with impacted customers and partners to ensure that all systems are restored, so you can deliver the services your customers rely on.

CrowdStrike further confirmed that the buggy code was introduced in a single channel file – C-00000291.sys, with the timestamp of 0409 UTC.

As former Google engineer Arpit Bhayani explained, the buggy code was trying to access an invalid memory location, triggering a panic and causing the BSOD.

I saw many engineers blaming the outage on Microsoft 🤦‍♂️ SWEs blaming without knowing the root cause is concerning.

It is not Microsoft, it is CrowdStrike who released an update for Windows that had a bug. The patch runs in Kernel mode to monitor system activity at a low level.

Because it was running in Kernel mode, the buggy code was trying to access an invalid memory location that triggered a panic and which showed Blue Screen of Death.

The name of the driver file that had the buggy update is “C-00000291.sys”, deleting it fixes the issue and unfortunately this needs to be done manually.

Microsoft has nothing to do with it.

Deleting the file, or replacing it with the previous or newer version, fixes the problem. However, it has to be done manually, as the affected computers and servers have “bricked” and cannot be remotely accessed.


Fact #4 : Microsoft Is Supposed To Vet Driver Updates

While Microsoft may not be responsible for the bug in the CrowdStrike update, some cybersecurity experts believe that it may hold some responsibility.

Costin Raiu, who worked at Kaspersky for 23 years and led its threat intelligence team, says that Microsoft is supposed to vet the code and cryptographically sign it. This suggests that Microsoft may have also missed the buggy code in the CrowdStrike Falcon kernel driver update.

It’s surprising that with the extreme attention paid to driver updates, this still happened. One simple driver can bring down everything. Which is what we saw here.

Raiu also noted that past updates to Kaspersky and Microsoft’s own Windows Defender antivirus software have triggered similar Blue Screen of Death crashes in previous years.


Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.

 
