Digging Into The CrowdStrike Glitch That Brought The World To A Halt

It’s been nearly a week since businesses across various industries and around the globe were knocked offline entirely due to a defective software update released by the cybersecurity firm CrowdStrike.

Although there are still some serious questions left to be answered, we’re starting to piece together a better picture of what happened on that fateful day.

78 minutes later

It was just after midnight on the East Coast when people far and wide started to notice something strange was going on. Windows computers operating the CrowdStrike system crashed all at once, disrupting air travel, banks, hospitals, and much more.

Although CrowdStrike quickly acknowledged that its update was to blame, that didn’t mean things were going to be back to normal right away. It was well over an hour (78 minutes, to be exact) before the company released a fix. And for many systems, that by itself didn’t remedy the situation. A large number of computers required an in-person visit by specialists.

Early indicators suggest the corruption had been in the system for some time before it was exposed to the world … and its release seemed to have been made possible due to the way CrowdStrike’s software operates.

At the kernel level

Part of what makes CrowdStrike’s software so effective is that it operates at the “kernel level” of operating systems. In contrast with the “core level” that most systems run, this deeper involvement gives the security programs unrestricted access to hardware, memory, and other key components of computers.

That’s great when it works — but when something goes haywire, it’s particularly destructive.

And Microsoft appears to be receiving pressure from opposing sides: those who say it needs to lock Windows down to prevent future breaches and those who insist CrowdStrike (among other programs) need access to function properly.

Chris Agee July 24th, 2024

Share this story: