CrowdStrike Outage Affected 8.5 Million Windows Devices, Says Microsoft

Microsoft has shed some more light today on the CrowdStrike outage that shutdown various industries across the globe yesterday.

According to Microsoft’s David Weston, Vice President, Enterprise and OS Security, he explained on Saturday that the July 18 software update from cybersecurity company CrowdStrike affected an estimated 8.5 million Windows devices. That works out to less than 1% of of all Windows machines, points out Weston. Still though, that’s more than enough to disrupt the world when it comes to travel, banking, healthcare and more.

“Although this was not a Microsoft incident, given it impacts our ecosystem, we want to provide an update on the steps we’ve taken with CrowdStrike and others to remediate and support our customers,” explained Weston.

“We’ve maintained ongoing communication with our customers, CrowdStrike, and external developers to collect information and expedite solutions. Our focus is providing customers with technical guidance and support to safely bring disrupted systems back online,” Weston said on Saturday.

Microsoft engaged with CrowdStrike to automate a workaround and issued instructions to remedy the situation on Windows endpoints. The company deployed hundreds of engineers and experts to work directly with customers, ensuring they received the necessary assistance to restore services.

Collaborating with Google Cloud Platform (GCP) and Amazon Web Services (AWS), Microsoft shared awareness of the state of impact across the industry and informed ongoing conversations with CrowdStrike and customers.

Microsoft also says it quickly posted manual steps and scripts on the Windows Message Center and kept customers informed through the Azure Status Dashboard.

The damage has been done though, because CrowdStrike and Microsoft look so bad that this could happen. Who issues a software update on a Friday without extensive testing first?

CrowdStrike shared some more details on Saturday about what went wrong.

“On July 19, 2024 at 04:09 UTC, as part of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing part of the protection mechanisms of the Falcon platform. This configuration update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems,” explained the company.

“The sensor configuration update that caused the system crash was remediated on Friday, July 19, 2024 05:27 UTC,” wrote CrowdStrike. While the update was fixed on their end, other Windows machines required a manually reboot and deletion of a specific file to fix the issue.

The outage also affected Telus support teams in Canada, while others affected included numerous hospitals, airports and airlines such as Porter airlines.

Let’s pour one out to IT teams globally working throughout this weekend and likely beyond.