A faulty software update from cybersecurity firm CrowdStrike Holdings Inc. affects 8.5 million devices worldwide that rely on the Microsoft Windows operating system.
Microsoft provided its first comprehensive look at the global IT outage in a blog post on Saturday, saying the affected devices accounted for less than 1% of all devices using Windows. The Redmond, Washington-based company said that while the proportion was “small,” it had “widespread economic and social impact.”
The CrowdStrike update crashed corporate and government systems around the world, paralyzing operations for hours in what would go down as the most catastrophic IT failure the world has ever seen. The emergency response line is down. Thousands of flights were delayed or canceled. Hospitals were forced to postpone surgeries and market transactions slowed.
To explain how another company’s software update could bring down Windows systems, Ann Johnson, Microsoft’s deputy chief information security officer, used the analogy of a driver putting gas in his car.
“If you have a car and when you take your car to a gas station and you get fuel that is not premium fuel or damaged fuel, your car is not going to work properly,” Johnson said in an interview Friday. Fuel flows through the engine’s entire system, which can affect performance, which can affect the entire vehicle.
In a similar fashion, Johnson said, “CrowdStrike sits at a layer within Microsoft Windows” to provide “maximum security.” If they’re not in the right layer, it can really impact the entire Windows infrastructure.
