CrowdStrike update bug affects 8.5 million Windows devices

According to Microsoft, about 8.5 million Windows devices worldwide were affected by the failed CrowdStrike update, which is less than 1% of all Windows PCs.

Microsoft said in a blog post that while the percentage was small, the broad economic and societal impact of the incident reflects the use of the CrowdStrike tool by enterprises providing multiple critical services.

On July 19, 2024, a content update containing malware signatures, released to users of the CrowdStrike Falcon endpoint protection service, led to service interruptions after affected Windows computers began experiencing a Blue Screen of Death (BSOD) error.

In the Asia-Pacific region, those affected included Malaysia’s AirAsia, Australia’s Coles and Woolworths, India’s PhonePe and Tata Starbucks, as well as airports in Thailand.

“We recognize the disruption this issue has caused to businesses and the daily activities of many people,” Microsoft said. “Our goal is to provide customers with technical guidance and support to safely restore affected systems.”

The software giant said it is working with CrowdStrike to automate the patch effort and has dispatched hundreds of Microsoft engineers and experts to work directly with customers to restore services.

It is also partnering with other cloud providers, including Google Cloud and Amazon Web Services, to share insights into the impact they're seeing in the industry and to inform ongoing conversations with CrowdStrike and customers.

In a news release posted on X today, CrowdStrike said that of the approximately 8.5 million Windows devices affected by the issue, a significant number are back online and working properly.

CrowdStrike is also working with customers to test a new technique to speed up the repair of affected systems, and is in the process of making that technique available on an opt-in basis. “We’re making progress by the minute,” the company added.

Following the outage, some national cybersecurity agencies in the region are warning of an increase in related scams.

Michelle McGuinness, Australia’s national cybersecurity coordinator, reported on July 20, 2024 that there are increasing reports of scammers trying to take advantage of data recovery attempts.

“As systems are restored, I urge Australian businesses and members of the public to remain vigilant. Do not engage with suspicious websites, emails, text messages or phone calls,” she said.

The Singapore Cybersecurity Agency also warned of an ongoing phishing campaign targeting CrowdStrike users. Actors exploiting the service outage are sending phishing emails to customers, impersonating CrowdStrike customer service representatives, and impersonating CrowdStrike employees in phone calls.

The emails may also purport to come from independent researchers who claim to have evidence that a technical issue is related to a cyberattack and offer guidance on how to resolve it.