Global IT Outage Caused By Crowdstrike Falcon EDR Updates
Millions impacted by Microsoft x Crowdstrike outage
Welcome to The Cybersecurity Pulse! I'm Darwin Salazar, Product Manager at Monad and a former Detection Engineer. Each week, I distill the latest and most exciting developments in cybersecurity innovation into digestible, bite-sized updates.
First off, good morning. This is a very wild time to be alive for several reasons. At the moment, millions of Windows endpoints are experiencing the Blue Screen of Death (BSOD) and boot loop caused by a recent Crowdstrike Falcon endpoint sensor update.
This has caused business operations across the globe to come to a screeching halt. Amongst those impacted are major banks, 911 services, airlines, railways, and news stations across APAC, the EU and the Americas.
Good news is that there does seem to be a workaround and you can bet that the Crowdstrike team is busting their ass to get this issue resolved. See below for the latest technical advisory (TA) pushed by Crowdstrike:
Bad news is that I am hearing rumblings that the agent version rollback is super hard as the systems are not connected to the internet anymore. The workaround seems to be basically deleting/renaming the directory containing Crowdstrike binaries.
Obviously, much damage has already been done but the story still seems to be developing and as the rest of the world wakes up in the US, we will certainly be learning more about the outage and its impact.
The CRWD stock is down over 19% in pre-market trading, meaning that over ~$16B in market cap has already been wiped off.
This is a huge reality check for the industry and for the world.
My thoughts and prayers are with the responders from both the Microsoft and Crowdstrike teams and anyone else severely impacted by the outage. The gravity of the situation cannot be overstated and the implications of an outage like this will be long felt.
If you’re a competitor or not a fan of CRWD, right now is not the time to ambulance chase or post memes. Imagine this happening to you. Not fun.
That said, the story is still very much in its infancy and we will learn much more over the next 8-12 hours. I’m sure we will talk about this in-depth in a future TCP issue and I truly hope the Crowdstrike team releases a post-mortem on this so that we can all learn from it. In the meantime, here are a few trusted outlets and resources to keep a pulse on as things unravel:
Disclaimer: The information presented in this post consists of factual observations regarding the current situation, as I understand them. The facts shared here are based on my direct knowledge and should not be considered as comprehensive or final. For official information, please refer to the dedicated news sources I shared above.