
CrowdStrike explained: How one faulty update killed half the world’s IT systems

The sheer scale of the global IT outage caused by a faulty software update has left many wondering how one update to one company’s security software could have such massive impact.

Ironically, the effect of the CrowdStrike flaw has been almost identical to the very thing it’s intended to prevent …

Part of the reason for the scale of the impact is the simple fact that CrowdStrike is used by almost every major corporation in the world.

United, Delta, and American Airlines are among the airlines who have been forced to ground flights. Broadcaster Sky News was taken off-air for several hours. Many retailers have been unable to accept payments. In short, it’s chaos out there.

But the other half of it is the nature of the software, as Bloomberg explains.

Traditional antivirus software was useful in the early days of computing and the internet for its ability to hunt for signs of known malware, but it has fallen out of favor as attacks have become more sophisticated. Now, “endpoint detection and response” products such as the one CrowdStrike develops do far more, continually scanning machines for any signs of suspicious activity and automating a response.

But to do this, these programs have to be given access to inspect the very core of the computers’ operating systems for security defects. That same access gives them the ability to disrupt the very systems they are trying to protect.

One of the biggest threats to today’s IT infrastructure is destructive ransomware attacks, where an attacker takes a company’s mission-critical systems out of action, and won’t restore them until a payment is made. That’s one of the main things CrowdStrike is intended to prevent.

But because the software is given such powerful access to machines, a flaw in the software has as much potential destructive power as the type of attacks it’s supposed to block.

At least in this case, there is a workaround, and there will quickly be a fix. But actually implementing that fix is going to take considerable time. That’s because there may be no way to automate a rollout: as the affected machines are down, there’s no way to reach them remotely. It’s looking very much like it will involve IT staff physically visiting each of the PCs taken out (except for virtual machines, where up to 15 reboots can resolve it).

Even the temporary workaround means booting the machines in safe mode, and many of them will have corporate settings to render this impossible – again, because of the security risks of bypassing protections intended to run during boot-up.

Macs aren’t affected because Apple offers its own Endpoint Security framework.

Photo by Ivan Vranić on Unsplash


You’re reading 9to5Mac.


Author

Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!
