
Musk is angry: delete it completely! "Fire in the computer room"

2024-07-21



The follow-up to Microsoft’s global blue screen is here.

On July 19th local time, a failed software update by cybersecurity company CrowdStrike crashed countless Microsoft Windows computer systems around the world, affecting multiple industries.

Microsoft said on the 20th local time that there was a "defect" in the software update released by the US computer security technology company "CrowdStrike" for the Microsoft Windows system. The resulting outage is estimated to have affected nearly 8.5 million devices worldwide that have the system installed. Microsoft said CrowdStrike had developed a solution to speed up fixes.

A large number of flights have been cancelled worldwide

Hospitals had to cancel surgeries

After the incident, the first industry to be affected was the aviation industry. According to aviation analysis company Cirium, there were more than 110,000 scheduled commercial flights worldwide on Friday, of which more than 5,000 were canceled, more than double the number of canceled flights on Thursday.

FlightAware flight tracking data showed that more than 21,000 flights were delayed worldwide on Friday, with Delta Airlines being the worst affected, with 20% of its flights canceled. The number of flight delays and cancellations on Friday morning was more than double the same period in the past two days, and FlightAware expects the impact of this incident on the aviation industry to continue for the next few days.


At many airports in Europe, America, Asia and Latin America, passengers line up in long queues to handle their business. (Photo/CCTV News)

In addition, airports from Los Angeles to Singapore, Amsterdam and Berlin had to use handwritten boarding passes to check in, causing widespread delays. A Mexican tourist said in an interview: "When we arrived, no one told us where we could check in, so different people lined up in different places and the scene was very chaotic."


The percentage of delayed and canceled flights at selected U.S. airports by hour. Data as of 11:40 a.m. ET on Friday, covering 31 airports in the largest U.S. metropolitan areas. Light blue is Friday, blue is Thursday, and black is Wednesday. Source: FlightAware, Bloomberg

As the day wore on, many airlines, including United Airlines, American Airlines, and Spanish airport operator Aena, reported that service had returned to normal. U.S. Transportation Secretary Pete Buttigieg said the problems with the transportation system appeared to have been resolved and were expected to return to normal by Saturday, adding that the Federal Aviation Administration did not appear to be affected.

The incident also affected key sectors such as finance and healthcare. The London Stock Exchange suspended news distribution through RNS, a service used by publicly listed companies to publish price-sensitive regulatory announcements, during the outage.

In addition, several financial institutions including JPMorgan Chase, Nomura Holdings and Bank of America had to activate backup systems, and thousands of JPMorgan Chase ATMs and teller machines were paralyzed.

British Sky News was unable to broadcast live television and apologized to its viewers.


In the health sector, doctors in the UK's National Health Service (NHS) have been unable to access scans, blood tests and patient histories. The Mayo Clinic in New York and Massachusetts General Hospital in Boston have also warned that CrowdStrike issues are affecting patient care, and several hospitals in Europe have had to close clinics and cancel surgeries.

Tesla was also affected, Musk "burned the computer room"

In the automotive sector, Renault was forced to suspend production at its Maubeuge and Dubai plants as suppliers were affected by technical glitches.

Several Tesla factories were also affected, with workers on the Thursday night shift hit directly. As equipment in some factories began to report errors, Tesla's super factories in Austin, Texas and Nevada both let some workers go home early. The company then sent a memo on Friday morning informing employees that it was affected by a "Windows host outage" that caused problems with servers, laptops and manufacturing equipment.

In response, Tesla CEO Elon Musk said the company has removed the CrowdStrike software from all its systems, and complained that the outage had a serious impact on the automotive supply chain. Musk angrily replied: "What you did has a huge impact on the automotive supply chain."

After announcing the "deletion of all CrowdStrike software," Musk also said: "Unfortunately, Tesla has many suppliers and logistics companies using that company's software." He then attached an AI-generated picture of a "CrowdStrike computer room on fire" to vent his dissatisfaction.


Photo/Musk social media

Who is CrowdStrike, the perpetrator?

The main cause of the incident was that the network security service company CrowdStrike deleted an important Windows system file when updating its antivirus software.

According to CCTV News, CrowdStrike CEO George Kurtz apologized on the social media platform X and in an interview with American TV media on the 19th. The company said that the failure involved an automatic update of software that prevents cyber attacks. The company has deployed a fix and issued a repair guide to users. Some systems require manual repair.

Ann Johnson, Microsoft's corporate vice president and deputy chief information security officer, said late on the 19th that customers are receiving or have received the necessary information and are getting the support they need. But it is impossible to estimate how long it will take for customers to resume using Microsoft systems.

Allie Mellen, an analyst at the international analysis agency Forrester, said that manual repair requires deleting damaged files, etc., which is time-consuming. Some of CrowdStrike's large customers may manage millions of computers, and it may take them several days or longer to complete the repair work.

Public information shows that CrowdStrike was founded in 2011 and is headquartered in Austin, Texas, USA. It has operations in more than 170 countries and has more than 7,900 employees as of January. CrowdStrike provides cloud-based security solutions for enterprises. Its Falcon tool (one of the reasons for the interruption on Friday) identifies abnormal behavior and vulnerabilities to protect computer systems from threats such as malware. The company reported revenue of more than $900 million in the quarter ending in April, of which US revenue accounted for nearly 70%.

The type of software CrowdStrike offers is very different from older, more limited types of security software. Traditional antivirus software was very useful in the early days of computers and the internet because it looked for signs of known malware, but has fallen out of favor as cyberattacks have become more sophisticated. CrowdStrike's product, called "endpoint detection and response" software, is more sophisticated and can constantly scan machines for signs of any suspicious activity and automatically respond.

But to do that, these programs must have access to the core of a computer's operating system to check it for security flaws. That same access gives them the ability to disrupt the very systems they are trying to protect. That's how Microsoft's Windows system played a role in Friday's outage, which ultimately triggered the global "blue screen of death" problem. CrowdStrike blamed the incident on "a flaw discovered in a single content update for Windows hosts."

CrowdStrike controls about 18% of the $8.6 billion global "modern" endpoint detection and response software market, slightly ahead of its main rival Microsoft, according to market research firm IDC. Its software is considered one of the best defenses against a variety of emerging hacker threats, using artificial intelligence and traditional security strategies to keep up with hackers.

CrowdStrike has about 29,000 customers worldwide. Some of the world's largest technology companies, such as Alphabet, Google, Amazon, and Intel, are its customers. The company's business covers a variety of industries, and the U.S. government is also one of its customers.

Wind data showed that the incident caused CrowdStrike's stock price to fall 15% on Friday, and then the decline narrowed to 11.1%, with its market value shrinking by more than US$9.2 billion in a single day.


The downtime incident triggered reflections from all walks of life

This outage incident has caused some reflection: many parts of the world and many sectors of society are heavily dependent on services provided by a few technology companies, and once a problem occurs, "one move can affect the entire body."

According to CCTV News, Xie Hui, assistant researcher at the China Institute of International Studies, said that the private sector is at the forefront of technological development and innovation and has a lot of dominance, but these sectors are now increasingly linked to the public interest, so it is necessary to strengthen supervision of the private sector so that it can invest in building more reliable network infrastructure and reduce the risks caused by single point failures. She believes that countries should also strengthen international cooperation, such as establishing a cross-border information sharing platform, strengthening the perception and response to network threats, or jointly developing advanced network security protection systems and technologies to jointly respond to network security challenges. In addition, global network security companies should be encouraged to compete fairly and strengthen multi-level defense strategies to ensure that even if problems occur at one level, it will not lead to the collapse of the entire system.

John McDermid, a professor at the University of York in the UK, warned that all industries, especially the infrastructure sector, should guard against such problems in the future.

Gil Luria, senior software analyst at DA Davidson, a US market forecasting agency, said that most companies cannot find alternatives to Microsoft. After this incident, some corporate users may consider looking for alternative solutions for security products.

Source: Securities Times, CCTV News, public information


Editor of this issue: Li Yutong
