Inside the July 2024 CrowdStrike Outage

Kenny Grayson
August 1, 2024

On July 19, 2024, CrowdStrike released a routine sensor configuration update to its Falcon platform for Windows systems. This update, meant to enhance security by targeting newly observed malicious activities, inadvertently triggered a logic error. Results included system crashes and the infamous “blue screen of death” (BSOD) on affected Windows devices within minutes of the update being deployed.

Immediate Repercussions

Airlines
- Many flights were grounded as critical systems used for flight operations and passenger services were affected.
Banking
- Payment systems faced disruptions, impacting financial transactions globally.
Media and Other Sectors
- Various organizations experienced operational interruptions, leading to significant business disruptions.

The outage affected approximately 8.5 million Windows devices, which is less than one percent of all Windows machines worldwide. Nevertheless, the scale of the disruption highlighted the critical dependency on cybersecurity solutions like CrowdStrike Falcon.

Response and Recovery

CrowdStrike acted swiftly to mitigate the issue. Within a few hours, the faulty update was withdrawn, and a corrected version was deployed.

However, the remediation process required users to manually delete specific files from their systems or use recovery tools provided by CrowdStrike and Microsoft. This process often involved booting affected systems in safe mode to remove the problematic update.

Long-Term Measures

In response to the incident, CrowdStrike undertook a thorough root cause analysis to understand how the logic error occurred and to prevent future incidents.

They emphasized the importance of ongoing vigilance against malicious activities exploiting such vulnerabilities.

CrowdStrike, along with cybersecurity agencies like CISA, provided continuous updates and guidance to help organizations safeguard their systems against potential follow-up attacks leveraging the outage.