On July 19, 2024, the cybersecurity platform CrowdStrike released an update for all Windows systems. This update, called the Falcon Sensor Update, was automatically downloaded on 8.5 million Windows systems all around the world. However, what was intended to be a simple security update ended up being as destructive as a worldwide cyberattack for businesses, services, and critical infrastructure.
Around the world, people in airports, train stations, and other transportation infrastructure watched in disbelief as screens all around them blue-screened. All flights had to be grounded, causing global delays, cancellations, and leaving thousands of people stranded. Banks indefinitely lost track of their accounts, which led to everyone affected having their card declined. Even hospitals and emergency lines were struck by the shutdown, endangering lives all around the world. Workplaces that used the platform were forced to shut down, causing a “global vacation day” for workers around the world. The horror that many believed would happen to computers when the year hit 2000 occurred 24 years later.
What technological issue caused the worldwide outage? According to the technical details from CrowdStrike, the problem occurred with a configuration file that works with the Falcon Sensor, CrowdStrike’s real-time threat-protection software. CrowdStrike’s July 19 update had a small coding error in one of the newly added files, known as Channel File 291. The file tried to access data that did not exist, which caused an unintended error known technically as an exception. This exception was not dealt with by the code, which caused Windows computers to crash.
The remedy for the crash was tedious for workers at airports, train stations, and hospitals alike, as employers had to manually delete the file that caused the crash. The list of steps listed on CrowdStrike’s website involved activating Safe Mode or the Windows Recovery Environment, deleting the CrowdStrike file that causes the crash through the command prompt, and then restarting the computer. Although this was a simple solution, it had to be done manually, and CrowdStrike took an hour and a half to share how to fix the blue-screen problem. CrowdStrike’s stocks plummeted following the platform outage and the CEO, George Kurtz, released a statement apologizing to and reassuring CrowdStrike customers. Even though CrowdStrike was able to fix the problem relatively quickly, the damage was done, not just to Windows systems, but to consumer trust in cybersecurity platforms like CrowdStrike.
This catastrophe shows how dangerous it can be to have a significant amount of the world’s infrastructure depend on one cybersecurity provider. CrowdStrike’s outage was not caused by a malicious actor, but it highlights for malicious actors a crucial, exploitable vulnerability. If all of the major institutions of the world continue to rely so much on a single platform like CrowdStrike, a cyberattack on just one provider could cause catastrophic damage around the world. With the modern world so dependent on technology, and the new realization of how much damage a small coding error can do, outages like this will occur again, and governments and businesses need to be prepared.
Junior Nicholas Carpenter is the News Editor. His email is ncarpent@fandm.edu.