July 19, 2024, will be remembered as a day of unprecedented technological chaos. Major issues in the security services of CrowdStrike and Microsoft led to massive outages worldwide, severely disrupting the operations of many businesses and critical infrastructures. These incidents highlighted the vulnerability of the digital systems on which our society heavily relies.
Incident Overview:
The problem began with a faulty update from CrowdStrike’s Falcon security software, causing blue screens (BSOD) on numerous Windows computers, rendering them unusable. Simultaneously, a misconfiguration in Microsoft’s Azure servers disrupted Microsoft 365 cloud services, preventing access to crucial applications for millions of users.
Windows users were hit the hardest, with their machines crashing at startup due to a defective file named “C-00000291.sys”. This file, essential for the proper functioning of the Falcon agent, caused repeated crashes, rendering systems inoperable.
Immediate Responses and Measures:
In response to the crisis, CrowdStrike quickly rolled back the faulty update and issued instructions to delete the defective file. Microsoft worked tirelessly to restore its online services. Users were advised to boot their computers in safe mode to delete the problematic file and restore their systems’ functionality.
Unaffected Windows computers did not require any additional intervention. Systems activated after 05:27 UTC were not impacted, and Windows 7/2008 R2 versions, as well as Mac and Linux systems, were also unaffected.
Workarounds:
- For individual computers:
- Boot in safe mode or recovery mode.
- Navigate to C:\Windows\System32\drivers\CrowdStrike.
- Delete the file named “C-00000291.sys”.
- Reboot the computer normally.
2 – For virtual or cloud environments:
- Detach the system disk volume from the affected virtual machine.
- Create a backup of the volume before proceeding.
- Attach the volume to another virtual server, navigate to the folder, and delete the defective file.
- Reattach the corrected volume to the affected virtual machine.
Economic and Sectoral Impact:
The outages had disastrous consequences for several sectors. Banks and financial markets, particularly in Australia and at the London Stock Exchange, experienced major disruptions. Banks such as Commonwealth Bank, NAB, ANZ, Bendigo Bank, and Suncorp reported significant issues, making some money transfers impossible.
The London Stock Exchange (LSE) was unable to publish critical communications, hindering the flow of essential information to investors. This partial paralysis could have significant economic repercussions if prolonged.
Stock markets reacted immediately: CrowdStrike’s shares plummeted by 14% in pre-market trading, and Microsoft’s shares also declined. The travel and leisure sectors faced particular pressure, with investors fearing an impact on the summer tourism season.
Disruptions in Transport and Essential Services:
Airports and airlines were severely affected, with significant delays and canceled flights. Berlin, Amsterdam, Zurich airports, and all Spanish airports were paralyzed. In the United States, all flights were suspended by the FAA due to communication problems. In England, the operator Govia Thameslink Railway canceled numerous trains, disrupting thousands of passengers’ journeys. Royal Air Maroc (RAM) in Morocco also experienced disruptions.
In the United States, the emergency number 911 was inaccessible in some areas, raising public safety concerns. In Australia, supermarket chains faced disruptions, and restaurants in Japan had to close temporarily. Television channels like Canal+ and TF1 in France, Sky News in the UK, and ABC in Australia also experienced service interruptions. Hospitals were forced to cancel some surgeries, exacerbating the crisis.
Opportunistic Cyber Attacks:
Taking advantage of the confusion, cybercriminals launched DDoS (Distributed Denial of Service) attacks against Japanese airports, adding another layer of complexity to recovery efforts and further disrupting operations.
Importance of Security and Update Management:
This incident highlights the critical importance of proactive software update management and vigilance against cyber threats. Companies must strengthen their disaster recovery plans to minimize future disruptions and ensure a swift and effective response in crises. The transparency and rapid response of CrowdStrike and Microsoft were crucial in managing this situation.
———————————————————————————————————————————-
ANNEX: Special Report
On the Global Technological Bug of July 19, 2024, which triggered failures in CrowdStrike and Microsoft security services:
SmiaTECH.com followed this event and its effects on information systems worldwide with experts from Apebi (Federation of Information Technology and Offshoring).
Link to articles and interviews in the Special Report: https://smiatech.com/2024/07/25/special-report/
