A faulty software update from cybersecurity firm CrowdStrike Holdings Inc. affected 8.5 million devices globally that rely on the Microsoft Windows operating system.
Microsoft Corp. gave the full scope of the worldwide IT outage for the first time in a blog post on Saturday, saying those affected represented fewer than 1% of all devices that use Windows. “While the percentage was small,” the Redmond, Washington-based company said, there were “broad economic and societal impacts.”
In what will go down as the most catastrophic IT failure the world has ever seen, the CrowdStrike update crashed the systems of businesses and governments globally, paralyzing their operations for hours. Emergency response lines went down. Thousands of flights were delayed and canceled. Hospitals were forced to delay procedures, and trading across markets slowed.
In an effort to explain how another firm’s software update brought down Windows systems, Ann Johnson, a deputy chief information security officer at Microsoft, used the analogy of a driver filling a car with fuel.
“If you have an automobile, and you take that automobile to the fuel station and you get fuel that is not quality fuel or corrupted fuel, your automobile is not going to work properly,” Johnson said in an interview Friday. “The fuel is traversing throughout the entire system of your engine, and it will impact performance. It may impact the vehicle on a whole.”
In a similar way, Johnson said, “CrowdStrike lives at a layer within Microsoft Windows” to provide “the utmost of security. They live at a layer that truly does impact the entirety of the Windows infrastructure if they get it incorrect.”
