
How a bad CrowdStrike update crashed the world’s computers

That deeper access also introduces a much greater chance that security software (and updates to that software) will crash the entire system, says Matthieu Suiche, head of detection engineering at security firm Magnet Forensics. He compares running malware-detection software at the kernel level of an operating system to “open-heart surgery.”

However, it remains astonishing that a kernel driver update was capable of causing such a massive global computer failure, says Costin Raiu, who worked at Russian security software company Kaspersky for 23 years and headed its threat intelligence team before leaving the company last year. During his years at Kaspersky, he says, driver updates for Windows software were scrutinized and tested for weeks before they were released.

More importantly, such driver updates also require that Microsoft vet the code and cryptographically sign it, suggesting that Microsoft too might have missed the bug in CrowdStrike’s Falcon driver that caused this outage. “It’s surprising that with the extreme attention paid to driver updates, this still happened,” Raiu says. “A simple driver can bring everything down. Which is what we saw here.”

Microsoft did not respond to requests for comment on the oversight of the update and whether the Azure outage and the CrowdStrike situation are related. However, a Microsoft spokesperson says the “CrowdStrike update was responsible for multiple IT systems going down globally.”

Raiu adds that, even so, CrowdStrike is far from the only security company to trigger Windows crashes with a driver update. Updates from Kaspersky and even Windows’ own built-in antivirus software, Windows Defender, have triggered similar “blue screen of death” crashes in previous years, he notes. “Every security solution on the planet has had its CrowdStrike moments,” Raiu says. “This is nothing new, but the scale of the event is.”

Cybersecurity authorities around the world have issued alerts about the outage, but have also been quick to rule out any malicious activity by hackers. “The NCSC assesses that these have not been caused by malicious cyber attacks,” said Felicity Oswald, chief executive of the UK’s National Cyber Security Centre. Officials in Australia have come to the same conclusion.

The impact, however, has been sweeping and dramatic. Around the world, service disruptions have been on the rise as businesses, government agencies and IT teams rush to fix crashed machines, which involves manually putting the machines through a series of corrective steps including rebooting. In the UK, Israel and Germany, healthcare services and hospitals have seen the systems they use to communicate with patients disrupted and have had some appointments cancelled. Emergency services in the US that use 911 have also had problems with their lines. In the early hours of the outages, some TV stations, including Sky News in the UK, stopped broadcasting live news.

Global air travel has been one of the hardest hit sectors so far. Huge queues formed at airports around the world, with handwritten boarding passes being used at one airport in India. In the US, Delta, United and American Airlines have all suspended flights at least temporarily, with a dramatic graphic showing air traffic plummeting over the US.