International computer failure: decoding the vulnerability of modern systems

Computer users who use CrowdStrike’s digital protection services woke up Friday morning with “the systems they normally use not working,” summarizes Steve Waterhouse. The cybersecurity expert believes that IT services are particularly vulnerable to this type of problem and that the event will certainly not be the last. Analysis.

The outage that occurred early Friday morning affects Microsoft services that use the antivirus from CrowdStrike, an American company that specializes in digital protection and is used by several companies around the world. Microsoft’s services include access to the Windows suite, which thousands of people use as their computer’s operating system. Airlines, the London Stock Exchange, Radio-Canada and hospitals are among the companies and groups affected by the outage.

As a result, those whose computers use Windows and are protected by CrowdStrike may end up with the famous “blue screen of death,” which prevents any action on the computer and forces it into an infinite loading state.

The cybersecurity expert compares the outage to “a pothole that came on the road to IT today, which derailed a lot of systems.”

Today, operating systems like Windows are usually centralized at the company level. This makes it easier to make a change on a single “host” than on each individual machine or system. A double-edged sword, according to Steve Waterhouse. “In information management, it’s magic, but when you need access to the information and it’s not available, that’s when you get into trouble.”

A return to operating systems and data installed “locally” would create an inverse problem, where protection would be increased, but information sharing would be hampered, notes the expert. According to him, the solution would therefore be based on an “adaptation” of the systems in order to create a “balance” between the two modes of operation. An analysis of the impacts of problems such as that of CrowdStrike would however be necessary before arriving at such a symbiosis.

An update in question

CrowdStrike CEO George Kurtz said on the platform X that the issue was caused by an update to its Falcon antivirus that was deployed to Windows service hosts. He also said it was not a cyberattack and that Mac and Linux users were not affected. However, Microsoft cloud services such as Microsoft 365 may not work when running on a computer that runs macOS or Linux, Waterhouse said.

Mr. Waterhouse explains that users and businesses have no control over the updates that companies like CrowdStrike roll out. Normally, however, an update should be checked before being launched to avoid potential problems, such as computer crashes or bugs.

However, an error must have crept into Friday morning’s update, the cybersecurity expert believes. For him, the outage is reminiscent of the one on Rogers’ network in July 2022, during which Interac payments were affected.

In the same X post, George Kurtz says that a fix for the offending update has been deployed. Steve Waterhouse, however, believes that getting back to normal may take some time. He “doesn’t anticipate a resolution of this kind of situation for several hours” and thinks that “it’s most likely going to take all day.”

Some, like Tom Warren at the tech website The Verge, recommend restarting the offending computer multiple times or running it in “Safe Mode,” which prevents third-party companies like CrowdStrike from tampering with the system. Waterhouse says only the first option is advisable for people who are not computer savvy, although there is no guarantee that it will work. “I don’t recommend that people go out of their way to do computer acrobatics like that,” he warns.

One thing is certain for the cybersecurity expert: due to “single vendor dependency” on companies such as Microsoft or Google, which inevitably arises with modern systems, and the risk of errors, it is only a matter of time before a similar event occurs again.

Measured stock market fluctuations



With Pierre-Étienne Genest



