CrowdStrike update snafu affected 8.5 million Windows devices
About 8.5 million devices globally were hit by the botched CrowdStrike update, with a significant number now back online and operational
About 8.5 million Windows devices worldwide were affected by the botched CrowdStrike update, making up less than 1% of all Windows machines, according to Microsoft.
In a blog post, Microsoft said while the percentage was small, the broad economic and societal impacts of the incident reflect the use of CrowdStrike by enterprises that run many critical services.
On 19 July 2024, a content update that included malware signatures, rolled out to users of the CrowdStrike Falcon endpoint protection service, led to outages after affected Windows machines started experiencing a Blue Screen of Death (BSOD) error.
In Asia-Pacific, the affected organisations included Malaysia’s AirAsia, Australia’s Coles and Woolworths, India’s PhonePe and Tata Starbucks, as well as Airports of Thailand, among others.
“We recognise the disruption this problem has caused for businesses and in the daily routines of many individuals,” Microsoft said. “Our focus is providing customers with technical guidance and support to safely bring disrupted systems back online.”
The software giant said it is engaging with CrowdStrike to automate the work on developing a fix and has deployed hundreds of Microsoft engineers and experts to work directly with customers to restore services.
It is also collaborating with other cloud providers including Google Cloud and Amazon Web Services to share awareness on the state of impact they are seeing across the industry and inform ongoing conversations with CrowdStrike and customers.
In a message posted on X earlier today, CrowdStrike said that of the approximately 8.5 million Windows devices that were impacted, a significant number are back online and operational.
CrowdStrike has also been working with customers to test a new technique to speed up remediation of impacted systems and is in the process of operationalising an opt-in to the technique. “We’re making progress by the minute,” it added.
In the aftermath of the outage, some national cyber security agencies in the region have warned of an increase in related scams.
On 20 July 2024, Michelle McGuinness, Australia’s National Cyber Security Coordinator, said there were increasing reports of scammers attempting to exploit recovery efforts.
“As systems are being restored, I urge Australian businesses and members of the community to be vigilant. Do not engage with suspicious websites, emails, texts and phone calls,” she said.
Singapore’s Cyber Security Agency also warned of an ongoing phishing campaign targeting CrowdStrike users, with threat actors leveraging the outage as “lure themes” to send phishing emails posing as CrowdStrike support to customers and impersonate CrowdStrike staff in phone calls.
The emails could also be purportedly from independent researchers, claiming to have evidence that the technical issue is linked to a cyber attack and offering remediation insights.