
Saturday, July 20, 2024

ET Explains: How a faulty Microsoft Windows update by CrowdStrike led to havoc

Read more at: https://economictimes.indiatimes.com

 

An airline employee fills out a luggage tag manually during check-in in Hong Kong on Friday

New Delhi: Services of several companies including airlines, banks, automobile makers, hospitals, media and other organisations were severely impacted on Friday due to an outage on Microsoft's Windows devices. Users across the world and in India complained about a blue screen of death error when they booted their devices.

The outage was caused by a faulty update from CrowdStrike, which manages end-point security for several firms across the globe, including Microsoft. Overall, Microsoft's suite of services such as Azure, Outlook, and Teams was impacted throughout the day.

What caused the outage?

CrowdStrike, a Texas-headquartered cybersecurity company, provides real-time threat management and detection to other companies. On Friday, the company pushed an update to its security management systems which was intended to increase the protection features. The update, however, ran into a conflict with Microsoft's cloud service infrastructure, causing several devices to show the blue screen of death message.

In Windows, the blue screen of death message is shown when a critical issue forces the system to shut down or restart to prevent further damage.

Experts said that the update pushed by CrowdStrike triggered a bug in Microsoft's servers, which in turn led to an unprecedented surge in traffic causing all systems to stop responding to user requests.

Which industries were impacted by the outage?

All industries which use the CrowdStrike service for securing their devices faced this outage. Of these, the highest impact was on banks and airlines. Several airlines across the world were forced to ground their aircraft and ask passengers to reschedule their travel plans.

In India, for example, airlines such as Indigo, Akasa, Air India, SpiceJet, Air India Express and others had to ground their aircraft. According to industry sources, around 300 flights have been cancelled so far, including around 200 for market leader Indigo alone till 6 pm. There are some 3,652 scheduled flights originating from Indian destinations, according to global aviation consulting firm Cirium.

How was it contained?

After the outage, CrowdStrike worked to identify the bug that was causing it and rolled back the update. In a statement, the company said that it had also released a fix for the issue which would help users log back into their systems.

The Indian Computer Emergency Response Team (Cert-In), which is the government's nodal body for all cybersecurity-related matters, said that though the fix had been issued, users should boot their devices into safe mode or into the Windows recovery environment.

In the recovery environment, the user should "navigate to the C:\Windows\System32\drivers\CrowdStrike directory, locate the file matching 'C-00000291*.sys', and delete it".

After deleting the said file, users can restart their devices normally, Cert-In advised.
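The steps Cert-In describes can be scripted for a Command Prompt in safe mode or the recovery environment. The batch file below is an added example, not Cert-In's or CrowdStrike's own script; the file name `remove-c291.cmd` and the scan over drive letters C to H are assumptions, made because the recovery environment may mount the Windows volume under a letter other than C:.

```bat
@echo off
rem Added example; not Cert-In's or CrowdStrike's script.
rem Hypothetical file name: remove-c291.cmd
rem   remove-c291.cmd          list matching files only (dry run)
rem   remove-c291.cmd /delete  list the files, then delete them
rem Assumption: the Windows volume is mounted under one of the letters
rem C..H. In the recovery environment it is not always C:.
setlocal
set "REL=Windows\System32\drivers\CrowdStrike"
set "PATTERN=C-00000291*.sys"
set "FOUND="

for %%D in (C D E F G H) do (
    if exist "%%D:\%REL%\%PATTERN%" (
        set "FOUND=1"
        echo Matching files on %%D:
        dir /b "%%D:\%REL%\%PATTERN%"
        if /i "%~1"=="/delete" (
            rem /f also removes read-only files, /q skips the wildcard prompt
            del /f /q "%%D:\%REL%\%PATTERN%"
            rem Re-check so a failed delete is reported instead of assumed
            if exist "%%D:\%REL%\%PATTERN%" (
                echo   Delete FAILED on %%D: - file still present
            ) else (
                echo   Deleted on %%D:
            )
        )
    )
)

if not defined FOUND echo No file matching %PATTERN% was found on C: to H:
endlocal
```

Running it without `/delete` first shows which volume holds the file before anything is removed.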

Outages such as the one caused on Friday highlight the impact that can be caused by low-diversity products and services, Jake Moore, the global security advisor at cybersecurity firm ESET, said. "Where diversity is low, a single technical incident, not to mention a security issue, can lead to global-scale outages with subsequent knock-on effects," Moore said.




