Cloudstruck

I got to work early this morning, only to find the IT system was down. Along with everyone else, I went to the main office to find out more and discovered the problem was considerably more extensive than it first appeared. Over the day, it emerged that we were among the thousands of organisations worldwide affected by the Cloudstrike bug. The software our work relies on can’t function without connecting to servers that the faulty update had taken down – and there was very little we could do without it.  The outage stretched through the day, and although we had spent the morning trying to complete the things we could, everyone was twiddling their thumbs by the afternoon. A large group of us gathered in the main office to chat and play quizzes… and by about 4 pm, it was clear nothing was likely to change so we could send a lot of people home early.

Out of sheer curiosity, and with plenty of time on my hands, I dug up the following explanation for what had happened… a significant IT incident involving CrowdStrike, a leading American cybersecurity company, that caused widespread disruption to computer systems globally. The event, now known as the Cloudstrike incident, resulted from a faulty configuration update distributed for CrowdStrike's Falcon sensor software, a product designed to protect computers from cyberattacks. The issue primarily affected Windows 10 and Windows 11 systems running the Falcon software, with approximately 8.5 million systems worldwide experiencing crashes and an inability to restart correctly. The problematic update was distributed at 04:09 UTC on July 19, 2024. Despite CrowdStrike reverting the update at 05:27 UTC, considerable damage had already occurred within this short timeframe. From a technical perspective, the faulty update caused an out-of-bounds memory read in the Windows sensor client, resulting in an invalid page fault. This technical glitch led to affected machines entering a boot loop or booting into recovery mode, rendering them unusable without manual intervention.

The global impact of the Cloudstrike incident was substantial, disrupting daily life, businesses, and government operations worldwide. Affected sectors spanned a wide range, including airlines, airports, banks, hospitals, manufacturing facilities, stock markets, gas stations, retail stores, and emergency services. The financial consequences of the outage have been estimated to be at least US$10 billion worldwide.

While CrowdStrike released a fix within hours of identifying the issue, the recovery process was not instantaneous. Affected computers required manual repair, leading to prolonged outages for many services. The incident also impacted cloud services, with Windows virtual machines on Microsoft Azure and Google Compute Engine experiencing issues. Interestingly, this event occurred just a day after an unrelated outage on Microsoft's Azure platform, which affected some companies' access to storage and Microsoft 365 applications. This coincidence of two major IT disruptions in close succession brought additional attention to the reliability of critical IT infrastructure.

Cybersecurity agencies urged increased vigilance in the aftermath of the Cloudstrike incident as threat actors attempted to exploit the situation through phishing and other malicious activities. This secondary threat underscored the complex nature of cybersecurity incidents and their potential to create cascading effects.

The Cloudstrike incident of July 19, 2024, highlighted the critical role that cybersecurity software plays in modern IT infrastructure. It demonstrated the potential for widespread disruption when such systems fail, particularly those operating at the kernel level of operating systems. The event also highlighted the importance of thorough testing and robust failsafe mechanisms for software updates in critical systems. As organisations and individuals continue to rely heavily on digital infrastructure, incidents like this serve as a reminder of the vulnerabilities inherent in complex technological systems. The global scale and rapid onset of the disruption caused by the Cloudstrike incident illustrate the interconnected nature of modern IT environments and the challenges in maintaining their stability and security.