‘An unmitigated disaster’-CrowdStrike update initiates global Microsoft outage

AUSTIN, Texas — The CrowdStrike software update that cascaded into a series of outages in important systems around the globe on July 19 shows how vulnerable the country’s tech infrastructure is to disruption, security experts say. While CrowdStrike has stressed that the incident was not a cyberattack, it highlights the dangers of how hastily issued updates can become a vector of attack for cybercriminals, says Jim McGann, vice president of strategic partnerships at Index Engines, especially for software designed to keep organizations secure. "This software failed, and the resulting chaos will have enormous impacts for days to come,” he said. “This experience, although not a cyber-attack, shows the bad actors how vulnerable our tech infrastructure is to disruption. Let’s hope this does not lay out a playbook for future ransomware attacks.”  In the early hours of July 19, CrowdStrike released an update for “CrowdStrike Falcon” for Windows hosts that was flawed, resulting in a variety of key systems issuing a Blue Screen of Death (BSOD).  CrowdStrike wrote in an official statement on the incident: “The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.” Although CrowdStrike eventually issued a workaround for the issue, cybersecurity experts around the world were scrambling to fix the issue, including StickmanCyber CEO Ajay Unni. “It’s a lesson to always update your software, but obviously this is an extreme example,” said Unni. “IT security tools are all designed to ensure that companies can continue to operate in the worst-case scenario of a data breach, so to be the root cause of a global IT outage is an unmitigated disaster.”