CrowdStrike Postmortem – Is the EU to Blame?

This Week in IT, security software CrowdStrike brings down 8.5 million Windows devices worldwide, but who is ultimately responsible? Microsoft is blaming the EU, but would changes to Windows prevent security channel updates from causing so much disruption in the future?

Episode Overview

A recent CrowdStrike security update caused a massive IT outage, impacting 8.5 million Windows devices globally. This incident has sparked a debate on whether Microsoft or third-party vendors should manage Windows security.

  • Incident Overview: A CrowdStrike security channel update led to a global IT outage, affecting 8.5 million Windows devices and causing what is considered the largest IT outage in history.
  • Cause of the Outage: The issue stemmed from a faulty security channel update that contained a file full of zeros, causing the CrowdStrike Falcon sensor driver to malfunction and trigger blue screens of death (BSOD).
  • Manual Recovery Required: Administrators had to manually boot affected devices into safe mode, remove the faulty update, and reboot, which was a time-consuming process.
  • Responsibility Debate: Microsoft blames the EU for not allowing the implementation of a security API that could prevent such issues, arguing that it would not stifle competition as the EU suggests.
  • Comparison with Other OS: Similar issues have occurred with CrowdStrike on Debian Linux, but macOS remains more stable due to its restricted kernel access for third-party developers.
  • Potential Solutions: Potential solutions include allowing Microsoft to implement their security API, improving CrowdStrike’s testing processes, and better validation of input by the CrowdStrike kernel driver.
  • Future Considerations: The EU may need to reconsider its stance on kernel access, and Microsoft could explore providing two versions of Windows—one with a locked-down kernel and one with full access.
  • Compensation Controversy: CrowdStrike’s attempt to compensate affected customers with a $10 Uber Eats voucher was poorly received and subsequently retracted.