That CrowdStrike IT world outage

Retro

Founder
Staff Member
Joined
4 Jun 2021
Messages
6,885 (4.58/day)
Location
UK
When I woke up this morning to the news of this massive global IT outage, I was sure it was a cyberattack, especially given the timing of Zelensky visiting the UK today and Trump's inflammatory presidential nomination acceptance speech overnight. However, it turned out instead to be some dodgy little update from CrowdStrike that took everything out! It wasn't even meant to be a very important update, hence it wasn't tested as thoroughly as others, which is why it wasn't caught before release. Seriously, if this had been a movie plot, one would have said nah, too implausible, yet here we are, with the continuing aftermath of this royal cockup. Let's see how it develops.

Cyber-security firm Crowdstrike has admitted that the problem was caused by an update to its antivirus software, which is designed to protect Microsoft Windows devices from malicious attacks.

Microsoft has said it is taking "mitigation action" to deal with "the lingering impact" of the outage.


Live news coverage:
 

Astro What

Well-known member
Joined
6 Jun 2024
Messages
507 (1.25/day)
I wish I could pin this one on him, lol.
Hey, he did fire the top election security expert head (Krebs) that was good at what he did.... because he had the temerity to say that the election was one of the most secure in history and that went against the fairy-tale of massive fraud that Trump was banging the toy drum over. But Krebs didn't have anything to do with regular worldwide computer security... but his firing does show a disturbing trend.

As for this latest SNAFU (the acronym), this is not the first time an update from a software provider has caused massive issues. It just happens that it was one of the largest so far, since more and more companies are becoming reliant on a smaller pool of providers. And once more it was because of sloppy QC on the part of a company. From some of the stuff I've read, they didn't adequately check the "update" before they pushed it out.
Microsoft has also been a victim of this type of lack of quality assurance when pushing out updates. So has IBM.
So it's not limited to any particular company. It's just telling on how quickly being lazy/sloppy in your QC can affect so many people so quickly.


Mac and Linux users weren't affected by this.
Not directly, no. And not even on my desktop machines.
It's been estimated that it only affected about 1% of existing Windows computers.
 

Retro

Founder
Staff Member
Joined
4 Jun 2021
Messages
6,885 (4.58/day)
Location
UK
Dave explains in fascinating technical detail what actually happened to cause all those blue screens.

Watching this, one gets a better sense of how malware can generally compromise a system if it gets into the wrong places.

 

live627

Well-known member
Joined
12 Jul 2022
Messages
379 (0.34/day)
Just came here to post that. I don't quite understand why that software needs kernel-level access. Or maybe I should actually learn what it is first.
 

Retro

Founder
Staff Member
Joined
4 Jun 2021
Messages
6,885 (4.58/day)
Location
UK
It's antivirus software so it needs to work at the lowest level. The video is well worth watching.
 

live627

Well-known member
Joined
12 Jul 2022
Messages
379 (0.34/day)
Oh, I see. Found some delicious nerdy details, programmer approved:

CrowdStrike needs kernel space to override syscalls like reading files, mmap, etc. Rootkits and other malware will rewrite syscalls as well. There is no way to intercept calls/access memory for other processes in userspace, and AV is perpetually trying to be "on top", hence the kernel-mode drivers. All AV works like this - once it's hooked in, processes that e.g. read files will be accessing it through a rewritten fopen() syscall that goes through CrowdStrike's driver.
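
The point in the quote above (a hook in the kernel sits in the kernel's own fault domain, so a bug in it brings down the whole machine) is easy to see in a toy model. The following is an added example written for this thread, not code from CrowdStrike, Microsoft, or the quoted source; every name in it (`Kernel`, `Sensor`, `install_kernel_mode`, `install_user_mode`, the "channel file" rule format) is constructed for illustration. It models a syscall table whose `open` entry is hooked by a sensor that consumes a content update, then contrasts a kernel-mode hook with a user-mode-style hook behind a broker that contains sensor faults and applies a fail-open or fail-closed policy, which is the design choice behind the user-mode sensors Microsoft is now previewing.

```python
"""Toy model of a syscall hook in kernel mode vs. behind a user-mode broker.

Constructed example for illustration; not the code of any real product.
"""
import fnmatch


class KernelPanic(Exception):
    """An unhandled fault inside the kernel's fault domain: the whole machine stops."""


class Denied(Exception):
    """An ordinary access-denied result returned to the caller; the kernel keeps running."""


class Kernel:
    """Tiny stand-in for a syscall dispatch table (constructed for this example)."""

    def __init__(self):
        self.syscalls = {"open": self._real_open}
        self.log = []

    @staticmethod
    def _real_open(path):
        return f"fd:{path}"

    def syscall(self, name, *args):
        try:
            return self.syscalls[name](*args)
        except Denied:
            return None  # caller sees an error code; nothing else is affected
        except Exception as exc:
            # Anything else escaping a kernel-mode hook takes the machine down.
            raise KernelPanic(f"unhandled fault in {name}: {exc!r}") from exc


def parse_rules(channel_file):
    """Parse 'deny <glob>' lines of a constructed content update; malformed lines raise."""
    rules = []
    for lineno, line in enumerate(channel_file.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        action, pattern = line.split(maxsplit=1)  # ValueError if the pattern is missing
        if action != "deny":
            raise ValueError(f"line {lineno}: unknown action {action!r}")
        rules.append(pattern)
    return rules


class Sensor:
    """Toy security sensor: consumes a content update and checks open() paths."""

    def __init__(self, channel_file):
        self.channel_file = channel_file

    def check(self, path):
        # Content is parsed at call time, so a bad update fails inside the hook,
        # not at install time (no caching, to keep the example short).
        for pattern in parse_rules(self.channel_file):
            if fnmatch.fnmatch(path, pattern):
                raise Denied(path)


def install_kernel_mode(kernel, sensor):
    """Hook open() like a kernel driver: the sensor shares the kernel's fault domain."""
    real_open = kernel.syscalls["open"]

    def hooked_open(path):
        sensor.check(path)  # any exception here escapes into Kernel.syscall
        return real_open(path)

    kernel.syscalls["open"] = hooked_open


def install_user_mode(kernel, sensor, fail_closed=True):
    """Hook open() through a broker that isolates sensor faults, like a user-mode sensor."""
    real_open = kernel.syscalls["open"]

    def hooked_open(path):
        try:
            sensor.check(path)
        except Denied:
            raise  # a real verdict passes through unchanged
        except Exception as exc:  # sensor crashed: contain it, record it, apply policy
            kernel.log.append(f"sensor fault on {path}: {exc!r}")
            if fail_closed:
                raise Denied(path) from exc
        return real_open(path)

    kernel.syscalls["open"] = hooked_open


GOOD_UPDATE = "# constructed content update\ndeny /tmp/*.exe\n"
BAD_UPDATE = "deny /tmp/*.exe\ndeny\n"  # constructed: second rule lacks its pattern


def run_scenarios():
    """Return what each deployment model does with a good and a malformed update."""
    results = {}

    k = Kernel()
    install_kernel_mode(k, Sensor(GOOD_UPDATE))
    results["kernel_good"] = (k.syscall("open", "/etc/hosts"), k.syscall("open", "/tmp/x.exe"))

    k = Kernel()
    install_kernel_mode(k, Sensor(BAD_UPDATE))
    try:
        k.syscall("open", "/etc/hosts")
        results["kernel_bad"] = "survived"
    except KernelPanic:
        results["kernel_bad"] = "panic"

    k = Kernel()
    install_user_mode(k, Sensor(BAD_UPDATE), fail_closed=True)
    results["user_bad_closed"] = (k.syscall("open", "/etc/hosts"), len(k.log))

    k = Kernel()
    install_user_mode(k, Sensor(BAD_UPDATE), fail_closed=False)
    results["user_bad_open"] = (k.syscall("open", "/etc/hosts"), len(k.log))
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name}: {outcome}")
```

With the good update both models deny `/tmp/x.exe` and allow everything else. With the malformed update the kernel-mode hook turns every `open` into a panic, while the brokered hook keeps the machine up and only has to choose between denying the call (fail closed) or letting it through and logging the fault (fail open). Which policy is right depends on what the sensor protects; the point is that the choice exists at all only when the sensor is outside the kernel's fault domain.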
 

Retro

Founder
Staff Member
Joined
4 Jun 2021
Messages
6,885 (4.58/day)
Location
UK
Dave has an update on the CrowdStrike issue.

 

AllThingsTech

Well-known member
Joined
8 Jun 2025
Messages
356 (9.62/day)
Well, Microsoft will be delivering a preview - to companies including CrowdStrike participating in Microsoft Virus Initiative - of security products running in user mode, meaning they don’t have access to the Windows kernel, just like apps.

Microsoft also has plans for a transition from a blue screen of death to a black screen, complying with Windows 11 design principles, with concise instructions while offering more detailed technical information as necessary.

What's more is an upcoming meaningful feature called Quick Machine Recovery, allowing Microsoft to deploy targeted remediation via Windows Recovery, enabling users to arrive at a productive state without complex intervention from IT.


It's a shame that user mode won't be a requirement but rather an option; Microsoft's plans to make this a requirement in the past failed, due to its release of Windows Defender, and so such a restriction was seen as an anti-competitive practice.
 

AllThingsTech

Well-known member
Joined
8 Jun 2025
Messages
356 (9.62/day)
Do you people feel that Microsoft should bear any responsibility in this, or should this all fall on CrowdStrike? Open to all viewpoints 🙂
 