CrowdStrike Outage Update Part II: A Deeper Dive into the Windows Meltdown
CrowdStrike Outage Update Part II: A Deeper Dive into the Windows Meltdown
Thousands of enterprises continue to recover from a faulty software update from CrowdStrike, which wreaked havoc on Microsoft Windows systems worldwide. What exactly happened is just now starting to become clearer. This blog post delves into the details of the incident, exploring the causes and implications of this massive outage.
CrowdStrike created the Windows Blue Screen of Death Problem
CrowdStrike offers security and antivirus solutions for Windows servers and desktops. These solutions require deep integration with the Microsoft operating system, including access to the Windows kernel. The recent outage was triggered by a flawed driver within a CrowdStrike update, leading to the infamous “Blue Screen of Death” on affected machines.
Apple Mac and Open Source Linux Operating Systems are Not Affected
Notably, Mac and Linux machines remained unaffected by the faulty update. This is due to the stricter security measures implemented by these operating systems, which do not allow third-party vendors to directly access their kernels. This highlights the potential benefits of such a restrictive approach in terms of system stability and security.
Microsoft Hides Behind the 2009 EU Agreement
Microsoft has attributed the issue to a 2009 EU agreement that grants security partners like CrowdStrike access to the Windows kernel. While this access is necessary for effective security solutions, Microsoft argues that the incident highlights a potential flaw in the agreement. It suggests that a staged approval process for kernel-level access might be necessary to prevent similar disruptions in the future.
Aragon Analysis – Kernel Access Does Not Mean Deployment
Aragon feels that while Microsoft is highlighting the EU Agreement – access does not mean deployment. We feel Microsoft could have done more in terms of verification before letting a patch into the wild. Clearly CrowdStrike cannot be trusted at this point.
Safeguards will now need to be put into place to prevent this type of update from happening again. Clearly, many enterprises were caught off guard and now new procedures for Security updates for Windows will need to be put into place.
Enterprise Advice – Take Control of Updates
In light of this incident, enterprises are advised to reconsider their update strategies for critical systems, particularly those running on Windows Server. Disabling automatic updates for such systems could prevent future disruptions caused by faulty patches. Additionally, organizations should thoroughly evaluate the security practices of their software vendors, ensuring that rigorous quality assurance measures are in place to prevent similar incidents.
Bottom Line: While CrowdStrike’s lackluster quality management undoubtedly contributed to the global outage, Microsoft’s claim regarding the EU agreement seems misplaced. Regardless of agreements, software vendors should always prioritize thorough testing and verification of updates that have the potential to impact critical system components like Windows drivers. The incident serves as a stark reminder of the importance of robust quality control processes in the software industry.
FREE AI TOOL
Free Download – Aragon Research’s New Adopting AI Assistants Checklist
AI is here but is your business ready?
Aragon’s new checklist is your roadmap to successfully integrating AI Assistants and Generative AI into your business operations.
Download Aragon’s Free AI Insights
UPCOMING AI WEBINAR
AI is Here: Increase Value & Reduce Risk with AI Governance
Almost every week, we hear about another organization facing an increasingly complex myriad of ethical questions, from AI. However, leaders don’t have either the training or the focus to be able to address these issues.
In this webinar, we explore how your organization can reduce the risk of AI with effective AI governance, and provide a checklist for how to approach defining AI governance.
- What challenges do organizations face in supporting AI?
- How can governance reduce these risks and challenges?
- How can organizations use Aragon Research’s AI Governance checklist?
Have a Comment on this?