CrowdStrike experienced a significant global outage due to a faulty software update, causing widespread disruptions to businesses and organizations worldwide. The outage affected sectors including banking, airlines, and media outlets, resulting in system crashes on Windows devices and leading to grounded flights, disrupted payment systems, and other operational issues for numerous companies.
CrowdStrike Falcon provides security technologies including antivirus, USB device control, host firewalls, threat intelligence, identity protection, and software hygiene. Given its wide scope of capabilities, the software is tightly integrated with the most fundamental parts of the endpoint's operating system. This tight integration means that the current bug is capable of making the system functionally inoperable. Current indications are that affected endpoints will crash shortly after startup, as the Falcon system agent is one of the first pieces of software to be brought online.
The bug affects all currently supported Windows versions, both Workstation and Server, that were brought online late in the early hours of July 19th. This includes cloud instances hosted on Azure, Amazon, and other service providers. macOS and Linux systems remain unaffected. The current outlook indicates that remediation will require endpoint-by-endpoint fixes, currently requiring users to boot into safe mode and manually delete a specific file.
Bitsight Status
You can surface monitored organizations using CrowdStrike in Vulnerability Detection.
To surface CrowdStrike usage in your monitored companies:
- Navigate to the Vulnerability Detection page (CM: Vulnerability Detection, SPM: Risks → Vulnerability Detection).
- Search for CrowdStrike Products (Informational).
- Select CrowdStrike Products (Informational) from the table.
These findings result from discovering the stated use of particular software by an organization in public documents. A particular software must be mentioned in association with an organization multiple times to meet the threshold for a non-technical finding. As such, the information provided is for preliminary triage purposes only and does not indicate that an organization has experienced an outage. It is important to recognize that the data could contain inaccuracies. Accordingly, we encourage customers to use this as a starting point for investigation and outreach, not as evidence that an outage or impact has actually occurred.
Resources
CrowdStrike, Statement on Falcon Content Update for Windows Hosts