Microsoft Down!

The Failure

The recent Microsoft CrowdStrike outage devastated global communications and operations stretching from air travel to hospitals. CrowdStrike is a cybersecurity firm that specializes in protecting systems through cloud-connected technology designed to repel threats that go "beyond malware", technology that many modern computers now rely on. Today's sophisticated world holds many threats that are not only unseen but would go undetected were it not for cybersecurity firms like CrowdStrike, which support major international companies such as Microsoft. However, CrowdStrike made a major mistake when it released a new security patch that caused Microsoft systems to crash and alarmed the entire world with the "Blue Screen of Death". The causes and consequences of this terrible outage are significant in themselves, and they also demonstrate how much the world relies on global IT companies.

The Technology 

Falcon is the CrowdStrike platform for repelling cybersecurity threats through a unified cloud network. It is effective in thwarting malware attacks that rely on zero-day exploits and on more covert methods, such as credential theft, that blend into the normal activity of a system. Zero-day exploits depend on cybersecurity firms not noticing the chink in their armor before attackers exploit it; the tactic leaves security teams vulnerable, with zero days to patch their hole. The CrowdStrike Falcon system uses next-generation antivirus (NGAV) technology that leverages AI and machine learning to adapt quickly to a cyber threat and neutralize it. NGAV is not only an incredible next-generation technology but also comes in a slim, lightweight package that does not require extreme storage space to function, which allows it to exist entirely in the cloud and be delivered swiftly to systems to deal with threats. Falcon's EDR (endpoint detection and response) functionality continuously monitors different endpoints in a system, such as transactions between users, so it can respond immediately to threats such as ransomware, which coaxes money out of users to regain access to their systems. CrowdStrike uses these technologies in tandem with AI-powered threat intelligence software that relays the nuances of any cyber attack to the Falcon defense system. The motive, means and targets of an attack are all identified by Falcon, which strengthens the total defensive power of the system. Threat intelligence analyzes data from past cyber attacks and already-identified cyber criminals to guide the rest of the Falcon system toward the fastest route to eliminating all threats. The CrowdStrike Falcon system is a powerhouse of cybersecurity, but the events that led to the global outage were not caused by external cyber threats.

The Cause

The Microsoft system shutdown was caused by a CrowdStrike patch that malfunctioned and led to millions of Microsoft devices failing. CrowdStrike security teams implemented a new patch that would update Microsoft through a file named "C00000291", also called Channel File 291. The file relayed information to the Falcon sensor on the cloud about the new patch, which was meant to increase defenses against malware attacking Microsoft's "named pipe" mechanism, used for inter-process communication. However, the update caused a logic error within Microsoft's operating system, resulting in a complete crash. The error persisted through automatic reboots: as soon as a reboot brought a system back online, the same configuration update triggered the error again and shut the system down. This endless loop of rebooting and crashing sustained the global outage until CrowdStrike was able to stabilize the system and properly update Microsoft. The Microsoft crash lasted less than a day, but CrowdStrike's mistake resulted in major chaos.
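The reboot-and-crash cycle described above is easier to reason about with a small model. The following Python is an added illustration and is not code from CrowdStrike, Microsoft or the original post: `ChannelFile`, `GOOD_FILE`, `BAD_FILE`, `KernelPanic`, the two loaders and the host groups in `RINGS` are all constructed stand-ins. A content file declares how many fields its template carries; the trusting loader reads that many entries and reads past the end when the file is malformed, which in kernel mode is a fatal error, so each automatic reboot reloads the same file and crashes again. The validating loader rejects the mismatched file and stays on the last content that loaded cleanly. The `staged_rollout` function goes beyond what the page describes: it shows how pushing content to a small canary ring first contains a bad file before it reaches the whole fleet.

```python
# Added illustration (not CrowdStrike's or Microsoft's code): a toy sensor that
# loads a content update at boot, the reboot loop a malformed file produces,
# and two defensive checks that contain the damage.
from dataclasses import dataclass


@dataclass(frozen=True)
class ChannelFile:
    """Constructed stand-in for a Falcon channel file (a content update).

    declared_fields: how many fields the sensor's parsing template expects.
    fields: the values actually present in the file.
    """
    name: str
    declared_fields: int
    fields: tuple


# Constructed sample files: a well-formed one and one whose declared field
# count disagrees with its contents (a simplified shape of a logic error).
GOOD_FILE = ChannelFile("good-file (constructed)", 3,
                        ("pipe-rule-a", "pipe-rule-b", "pipe-rule-c"))
BAD_FILE = ChannelFile("bad-file (constructed)", 4,
                       ("pipe-rule-a", "pipe-rule-b", "pipe-rule-c"))


class KernelPanic(Exception):
    """Stands in for the Windows stop error (the Blue Screen of Death)."""


def load_unchecked(cf, last_known_good):
    """Trusting loader: reads exactly declared_fields entries, so a mismatch
    reads past the end of the data. In kernel mode that read is fatal."""
    try:
        return [cf.fields[i] for i in range(cf.declared_fields)]
    except IndexError as exc:
        raise KernelPanic(f"out-of-bounds read while parsing {cf.name}") from exc


def load_checked(cf, last_known_good):
    """Validating loader: refuses a file whose field count does not match its
    declared template and keeps the last content that loaded cleanly."""
    if cf.declared_fields != len(cf.fields):
        return last_known_good  # reject the update, stay on known-good content
    return list(cf.fields)


def simulate_boots(cf, loader, last_known_good, max_boots=5):
    """Model the reboot cycle: every boot reloads the same file from disk.

    Returns (final_state, boots_attempted). With a trusting loader a bad file
    crashes every boot, so the host never comes up; max_boots stands in for
    an operator finally intervening.
    """
    for boot in range(1, max_boots + 1):
        try:
            loader(cf, last_known_good)
            return "online", boot
        except KernelPanic:
            continue  # the machine reboots and tries the same file again
    return "crash-loop", max_boots


# Constructed host groups for a ring-based rollout (a mitigation added here,
# not described on the page): canaries receive content before the fleet.
RINGS = (
    ("canary", ("host-01", "host-02")),
    ("fleet", ("host-03", "host-04", "host-05")),
)


def staged_rollout(cf, loader, last_known_good, rings=RINGS):
    """Push the file ring by ring and halt at the first ring where any host
    ends in a crash loop, so a bad file never reaches the whole fleet.

    Returns (status, rings_reached).
    """
    reached = []
    for ring_name, hosts in rings:
        reached.append(ring_name)
        outcomes = {host: simulate_boots(cf, loader, last_known_good)[0]
                    for host in hosts}
        if "crash-loop" in outcomes.values():
            return "halted", reached
    return "complete", reached


def compare():
    """Run the bad file through both loaders and both deployment styles."""
    baseline = list(GOOD_FILE.fields)
    return {
        "unchecked_loader": simulate_boots(BAD_FILE, load_unchecked, baseline),
        "checked_loader": simulate_boots(BAD_FILE, load_checked, baseline),
        "unchecked_staged": staged_rollout(BAD_FILE, load_unchecked, baseline),
        "checked_staged": staged_rollout(BAD_FILE, load_checked, baseline),
    }


if __name__ == "__main__":
    for scenario, result in compare().items():
        print(f"{scenario}: {result}")
```

Running `compare()` shows the two halves of the lesson: with the trusting loader the bad file produces a crash loop on every host it reaches, while the staged rollout stops after the canary ring; with the validating loader the same file is simply refused and the host comes up on its previous content at the first boot. Validation at the point of loading and a ring-based rollout are independent controls, and a sensor that runs in kernel mode benefits from both.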

The Impact

Despite the relatively short time that Microsoft was down, millions of people paid the price and the world was thrown into chaos. More than 3,000 flights in and out of the U.S. were canceled on July 19, thousands more were still being canceled in the days after the outage, and roughly 38,000 flights within the country were delayed even several days after the outage had been fixed. The healthcare industry was also affected: nearly all procedures at Microsoft-reliant hospitals had to be postponed until the outage was resolved, which led many hospitals to hold off on treating patients and even to fall back on pen and paper for recording information. The Microsoft outage was devastating to many people, and it served as a reminder that the world is in a new age of technology in which cybersecurity mistakes like this can cascade into global issues.

Conclusion

All in all, the Microsoft outage was an unexpected shock and a harsh reminder that the world relies on companies like Microsoft because of the extensive support they provide in our day-to-day lives. Though the Microsoft outage was severe, a return to normalcy is expected soon.