A single update from a US-based anti-virus company has caused global chaos today.
Described as the biggest outage ever, it has affected an unprecedented number of services and companies worldwide. Within an hour of starting a list of affected brands, there were too many to keep track of.
You may not have heard of the anti-virus firm CrowdStrike, but an update to its Falcon virus scanner had a severe impact on millions of computers running Windows software.
The infamous Blue Screen of Death was reported worldwide. Microsoft quickly clarified that it was a “third-party issue”—in other words, not its fault. Meanwhile, Apple and Linux users remained unaffected and rejoiced.
CrowdStrike says it has now issued a fix, but several IT contacts have informed that every single machine in their organizations will require a manual reboot in safe mode, and some of these devices are likely to be less physically accessible than others.
There is no indication that the update was malicious or that anyone’s data has been compromised, accessed, or stolen. Cybersecurity experts still recommend keeping software up to date—though today might not be the best time to emphasize that point.
CrowdStrike’s initial statement did not include an apology, which infuriated many online. However, shortly after the statement was released, CEO George Kurtz told NBC News, “We’re deeply sorry for the impact that we’ve caused to customers, to travelers, to anyone affected by this, including our companies.”
This incident serves as a poignant reminder of our heavy reliance on devices managed remotely by large companies, and how powerless we can feel when they fail.
These enormous platforms constantly face attempted cyber-attacks and poorly designed software updates, most of which are caught by the tech giants’ robust systems. There will undoubtedly be a post-mortem at Microsoft to understand why this one slipped through.
Timing is crucial. “Never push an update on a Friday,” sighed one computer scientist I spoke to, head in hands. That’s because if something goes wrong and takes time to fix, there are typically fewer people working over the weekend, which prolongs the resolution.
For this reason, many big firms prefer updates in the middle of the week.
If you are a CrowdStrike customer, details of the fix are available on their support website. If you work for a company with an IT team, they may be coordinating a company-wide response.
Often, outages resolve themselves before you notice them, but that is not the case here. It will likely take a few days for the world to return to normal.