“One might wonder what the validation process was at CrowdStrike,” asks a cybersecurity expert.

The giant outage that occurred on Friday is linked to an incompatibility between an update carried out by the leading cybersecurity company and Windows devices. François Deruty, in charge of cyber threats at the company Sekoia.io, sheds light on the matter.

Article written by franceinfo (comments collected by Louis Dubar), France Televisions


The CrowdStrike company logo photographed on July 19, 2024 in Dubai. (GIUSEPPE CACACE / AFP)

From Brisbane to Berlin, via Paris, the global economy is at a standstill on Friday, July 19. Planes grounded on the tarmac in Europe, the American emergency number out of service, hospital services affected in the Netherlands: several countries are hit by a series of incidents. The reason: a massive computer failure linked to an incompatibility between the software of CrowdStrike, a company specializing in cybersecurity, and Windows devices. “The issue has been identified, isolated and a fix has been deployed,” George Kurtz, the head of the company in question, said on the social network X at midday. He specified that Mac and Linux systems are not affected.

To understand the causes of this breakdown detected during the night from Thursday to Friday, franceinfo interviewed François Deruty, in charge of cyber threats at the company Sekoia.io.

Franceinfo: What is the origin of this computer breakdown?

François Deruty: It seems that the American company CrowdStrike has made an update to one of its products called an EDR (Endpoint Detection and Response). To summarize, an EDR corresponds to a new-generation antivirus. Apparently, this update has a format problem and causes the Windows terminals on which the EDR is installed to “crash”. This is apparently why we see blue screens [synonymous with a system error] all over the planet.

Microsoft also reported a service outage, are these two bugs related?

The situation remains unclear, but this global outage is linked to the faulty CrowdStrike update and not to the operating system [Windows] itself, as we have heard on several occasions. Microsoft had an outage this morning that was fixed after an hour. It has nothing to do with it and did not have the same impact. In other words, it is primarily a CrowdStrike problem on [hardware running software from] Microsoft, not the other way around.

From Sydney to Paris to Tokyo, many countries and cities around the world are directly affected by this computer outage. How can we explain the global scale of this outage?

CrowdStrike is an American company, a world leader in the field of cybersecurity and cyberdetection. It is a company whose products are used by many customers, in all types of fields and economic sectors. Since this [Friday] morning, we have seen many airports at a standstill, but in reality there is nothing specific to aviation. This outage can affect any CrowdStrike client company and any economic sector: railways, banking, telecommunications, etc.

How can we explain that CrowdStrike deployed an update containing such a major bug?

Updates that don’t go very well are quite common in IT. But on this scale, it’s rare. Normally, you run tests several times before deploying the update. There are procedures to follow. The question now is: how did a company of this size do it and what was the validation process? We will probably have answers and clarifications once CrowdStrike has managed to overcome this crisis.

Is it possible to estimate the duration of this disruption and envisage a return to normal?

CrowdStrike’s technical teams are on deck; they communicated very quickly, explaining the different technical means available to repair the machines or revert to previous versions. It is more or less easy depending on the architecture of the different systems. But for customers to apply this solution and for everything to return to normal, it is going to take a long time.

What to do if your computer is affected by this breakdown?

If you are affected, you should contact your company’s IT department, which should have taken the lead, and consult the various official CrowdStrike press releases that explain how to restore your system to a functional state. It is strongly recommended to apply patches, updates and recommendations as soon as possible.
