Friday’s Microsoft problems are already shaping up to be one of the biggest IT outages ever, affecting countless businesses and individuals all over the world. It is another example of how a minor technical change, made by a company that is unknown to most outside the IT industry, can wreak widespread havoc.
What happened?
Companies are grappling with problems affecting PCs, servers and other IT equipment running Microsoft Windows. Affected PC users are seeing a “blue screen of death”, indicating that Windows has failed to load.
Microsoft has blamed a flawed update from CrowdStrike, a security software vendor.
In a post on X, CrowdStrike’s chief executive George Kurtz said the cause of the problems was a “defect found in a single content update for Windows”. PCs and servers running Apple’s macOS and the open-source Linux operating system, which is widely used in internet infrastructure, were “not impacted”, he said.
“This is not a security incident or cyber attack,” Kurtz said. “The issue has been identified, isolated and a fix has been deployed.”

How widespread is it?
CrowdStrike is one of the largest providers of “endpoint” security software, which protects connections between computer networks and remote devices — from laptops, phones and servers to retail payment terminals and cash machines — that are connected to corporate networks. Any of those devices that run Windows might be affected by the bug.
Customers of Microsoft’s Azure cloud computing platform, much of which runs on Windows, have also reported problems.
The IT failure has affected airlines, banks and broadcasters from the US and Europe to Australia, Japan and India.
“The worldwide IT outage experienced this morning is unprecedented in the range and scale of systems it has impacted,” said Harjinder Lallie, a cyber security expert at the University of Warwick.
What is CrowdStrike?
CrowdStrike is a cyber security company that was founded in 2011 and is headquartered in Austin, Texas. Its Falcon software is designed to stop cyber attacks and includes a suite of products running on individual devices and delivered via the cloud.
Its revenue rose by a third to $3.1bn in the most recent fiscal year, ending in January, while net income swung to $90.6mn, from a loss of $183.2mn in the previous year. CrowdStrike says it is the “cloud security provider of choice for 62 of the Fortune 100”, with more than 29,000 companies using its products.
The Nasdaq-listed company joined the S&P 500 last month.
Shares in CrowdStrike had more than doubled over the past year, prior to the outage on Friday, giving the company a market capitalisation of $83.5bn. However, its stock was trading sharply lower before the Nasdaq opened on Friday in New York.

CrowdStrike is well known for investigating Russian hackers. It helped to investigate the cyber attacks on the US Democratic National Committee in 2015-16 and their connection to Russian intelligence services. The same Russian group then attempted unsuccessfully to hack into CrowdStrike in 2020.
How long will the problems take to fix?
While CrowdStrike said a “fix has been deployed”, it is unclear how long that may take to distribute to the very large number of affected customers and all their employees’ devices.
The issues could “take days to resolve — if not weeks”, said Vasileios Karagiannopoulos, a cyber security researcher at the University of Portsmouth. He added that the problems were “so global and extensive across systems that IT support might be sparse due to the demand”.
Kevin Beaumont, a cyber security researcher, said in social media posts that CrowdStrike customers were in for an “incredibly painful” process to remedy the problem.
“Recovery is only possible manually,” he said. “You have to go to a server or PC, boot it in safe mode at the console, log in as admin, then basically hack the system to get it back online.”