Global IT chaos: an update gone wrong – France 24

An update gone wrong

A massive computer failure affected computers around the world on Friday, disrupting the smooth running of a large number of sectors. The problem was linked to a software update by a company little known to the general public: CrowdStrike.

Planes grounded around the world, trains cancelled in the United Kingdom, hospitals in Germany unable to function properly, and banking services unavailable in South Africa and Australia. Even the Paris Olympic Games Organising Committee said its activities had been affected by the global computer failure on Friday 19 July.

Behind this IT chaos are two names: Microsoft and CrowdStrike. The first because the computers affected by the outage all displayed the famous ‘BSOD’, or ‘blue screen of death’, indicating that Windows was refusing to work. The second is the company behind one of the leading cyber threat protection programmes.

An update at issue

According to the French National Cybersecurity Agency (ANSSI), this was not a cyberattack, but rather a failed software update. ‘This case illustrates the heavy dependence of our global digital infrastructure on a few tools and players,’ says Stéphanie Ledoux, CEO of Alcyconie, a French cyber crisis management company.

In this case, it all started on Friday with the rollout of a patch for one of CrowdStrike’s leading cybersecurity solutions, installed on millions of machines worldwide. CrowdStrike is one of the largest players in the industry, specialising in online protection and monitoring platforms for cyber threats.

CrowdStrike made a name for itself in 2016 as one of the first to identify the actions of Russian cyber attackers during the US election campaign between Donald Trump and Hillary Clinton.

This time, the worm was in one of the company’s EDR (Endpoint Detection and Response) systems. This is a solution ‘that helps detect cyberattack attempts in near real time by identifying abnormal behaviour on a machine,’ summarises Stéphanie Ledoux. The emergence of EDRs in recent years – from CrowdStrike and its competitors – has greatly enhanced IT security around the world.

Except when these solutions no longer work properly. In this case, the patch in question was rolled out worldwide at the same time, and as is often the case with these updates, computers then had to be restarted to take the changes into account. And then, disaster struck! The machines entered what The Verge, an American website specialising in new technologies, called a ‘reboot loop’, preventing the computers from starting up properly.

The return to normal will “take time”.

It was therefore impossible to use these computers. Some hospitals were unable to accept new appointments because their patient databases were stored on machines that were no longer working. Some banking services were unavailable because the computers used to validate transactions were out of action.

“The advantage of these updates is that they can be deployed quickly and globally at the same time. This advantage can become a problem when there is a glitch, as the faulty patch is deployed just as quickly”’ summarises Stéphanie Ledoux.

George Kurtz, CEO of CrowdStrike, assured X that ‘the problem has been identified, isolated and a solution has been deployed’.

This does not mean that everything will immediately return to normal. “To apply the fix, manual intervention is required for each computer. This will take time,” says Stéphanie Ledoux. Millions of workstations are affected, and only employees with administrator rights can restart and apply the update…

“It’s a reminder that in a world where we are used to everything being instantaneous, especially in the digital realm, there are still things that take time”, notes Stéphanie Ledoux. And in this case, time is money: CrowdStrike’s share price fell by more than 15% on the New York Stock Exchange in pre-market trading.

Article written by Sébastien Seibt for France 24.