
Market value evaporated by nearly 10 billion! Who is CrowdStrike, the "culprit" of the global outage?

2024-07-21


On Friday, July 19, Microsoft's system experienced a global outage, the market fell into chaos, many companies encountered operational problems, and the global supply chain was also hit. Thousands of flights were suspended or delayed in the world's largest air cargo hubs in Eurasia and North America. It may take weeks for air traffic to return to normal. CrowdStrike, the "culprit" behind the incident, has therefore become the focus.

According to media reports, yesterday's global computer system crash was caused by a problem in the CrowdStrike Falcon version update.

In early trading on Friday local time, CrowdStrike's stock price fell 14% at one point, and closed down 11.1% at $304.96 per share. The market value evaporated by nearly 10 billion US dollars overnight, the worst single-day performance since 2022. On this occasion, the ARK ETFs managed by Cathie Wood ("Wood Sister") also bought heavily at the bottom.

So what company was the culprit behind this "global outage"? How did it affect Microsoft and cause such huge damage?

What is CrowdStrike?

According to reports, CrowdStrike is a company that provides online security solutions, focusing on providing a cloud computing endpoint protection platform. Founded in 2011 and headquartered in California, USA, CrowdStrike's main product is the Falcon platform, which uses artificial intelligence and machine learning technology to detect, prevent and respond to network threats.

CrowdStrike is a leading American cybersecurity company, well known for its ability to detect and protect against advanced cyberattacks. 271 of the world's top 500 companies are its customers. Its software is used by some of the largest cloud service providers, including Microsoft and Amazon AWS, as well as major global banks, healthcare and energy companies, helping them detect and block hacker threats. Its software is also used by many government agencies, such as the top U.S. cybersecurity agency and the Infrastructure Security Agency.

According to market researcher IDC, in the $8.6 billion “endpoint detection and response” (EDR) software market, CrowdStrike has a market share of about 18%, second only to Microsoft.


How does CrowdStrike cause blue screens? And why is Microsoft involved?

The type of software CrowdStrike offers is different from older, more limited security software. That older software was effective in the early days of computers and the internet because it caught signs of known malware, but it has fallen out of favor as attacks have become more sophisticated.

Now, CrowdStrike has developed what it calls endpoint detection and response software, which is much more effective than traditional antivirus software. But like other cybersecurity products, CrowdStrike's software requires deeper access to a computer's operating system to scan for threats, and that access gives it the power to compromise the systems it is trying to protect.

Microsoft and CrowdStrike are competitors that offer similar "endpoint" network security products. CrowdStrike's Falcon platform can be integrated with Microsoft's security products, such as Microsoft Azure and Microsoft 365, to enhance overall network security protection capabilities.

Yesterday's crash was reportedly caused by a software code update released by CrowdStrike that incorrectly interacted with the Windows system. This caused a large number of users to experience a "blue screen of death".

CrowdStrike co-founder and CEO George Kurtz acknowledged the issue and said a fix had been deployed:

“CrowdStrike is actively working with impacted customers to resolve a flaw in a single content update found on Windows hosts. Mac and Linux hosts are not affected. This is not a security incident or cyberattack.”

How widespread is CrowdStrike's lethality?

An erroneous CrowdStrike software update caused a cascading outage for customers in industries including aviation, banking, healthcare, retail, and more, affecting ports, businesses, and governments. Hospitals were forced to postpone surgeries, and McDonald's, UPS, and FedEx also experienced outages. Employees at JPMorgan Chase & Co., Nomura Holdings Inc. and Bank of America Corp. were unable to log into company systems on Friday.

For airlines, this failure caused communication difficulties between the aircraft and the ground control console, affecting passengers' travel. FlightAware shows more than 21,000 flights delayed worldwide. Currently, United Airlines, Delta, American Airlines, Lufthansa, Air France-KLM, and Ryanair are resuming operations, but slowly.

Niall van de Wouw, chief airfreight officer at supply chain consultancy Xeneta, said in a statement:

"The planes and cargo were not where they were supposed to be. It may take days or even weeks to fully resolve. It's a reminder of how vulnerable our ocean and air freight supply chains are to IT failures."

Cybersecurity professionals say:

CrowdStrike’s technology is a powerful defense against ransomware, but its cost, which can exceed $50 per machine in some cases, means most businesses don’t install it on all their computers, which are the ones that need protection most and if they go down, so can critical services.

Marie Vasek, Assistant Professor at the Department of Computer Science at University College London, said:

"The large-scale computer collapse report shows how much the world's technology systems rely on software from a handful of companies, including Microsoft and CrowdStrike. The problem here is that Microsoft is the standard software that everyone uses, and the vulnerability in CrowdStrike is deployed to every system."

CrowdStrike also said that due to the company's market dominance in operating systems and productivity software, any weakness could have potentially catastrophic effects.

It is worth noting that this global IT failure also caused Tesla to suspend some production lines. At around 1:10 am Beijing time on July 20, according to media reports, Tesla suspended some production lines due to the global IT failure caused by CrowdStrike, and company employees have not yet been informed when they can resume work and production. Musk said, “We have just removed CrowdStrike from all of our systems.”

How to solve the problem? Who will bear the loss?

CrowdStrike CEO George Kurtz said: The problem has been identified and a fix has been deployed, but any Windows desktop or laptop that was down due to the update, in addition to Mac and Linux machines, will need to be updated again.

According to a communication between CrowdStrike and a customer cited by the media, CrowdStrike's technical support team suggested that affected systems may need to be restarted up to 15 times.

Insurance broker Marsh McLennan said more than 75 clients could potentially file cyber-injury claims as a result of CrowdStrike's global outage.

The extent of the economic losses caused by the failure, and who will bear them, will not be known for some time. Most software vendors are not legally responsible for damage caused by their programs, which they license rather than sell. But they often have service agreements with their largest customers and may need to help with remediation, give discounts or other compensation.

CrowdStrike said in a statement:

"We are working with all affected customers to ensure systems are back up and running and can provide the services our customers expect."

In addition, it is worth noting that another incident involving Microsoft's Azure cloud service also caused service disruptions. Microsoft said it had fixed the underlying issue but that users would still feel "residual impacts."

Some analysts say that it is not clear how much of the computer system collapse was caused by a flaw in the CrowdStrike software update and how much was caused by problems with Microsoft's online services and its enterprise cloud computing service Azure that began Thursday.

But a Microsoft spokesperson said the company does not believe the CrowdStrike software vulnerability was linked to the outage, which affected "some Azure customers."

What does Wall Street think?

Analysts have different attitudes. Dan Ives, an analyst at Wedbush Securities, said:

“This is obviously a significant blow to CrowdStrike and the stock will come under pressure.... This incident stems from a technology update rather than a hacker or cybersecurity threat, which would be more worrisome.”

Some analysts also believe that although Friday's incident has caused damage to CrowdStrike, they do not expect competitors to lose much market share as a result of the incident. Analysts at JPMorgan Chase said:

“Customers were initially upset, but the company has taken control of the issue... The outage happened and was large, but we think CrowdStrike’s diligence and efficient response will help.”

Ben Bernstein, a former cybersecurity investor who now runs security startup Gusto, said he plans to continue using CrowdStrike for the time being.

It is worth noting that when the global outage caused a sharp drop, "Wood Sister" made a big move to "buy at the bottom" of CrowdStrike. On July 19th local time, Cathie Wood's Ark Investments bought 38,595 shares of CrowdStrike worth approximately US$13.24 million against the trend through its ARKW and ARKF ETFs.

(Editor: Wang Li)
