To better understand what happened, the response to the incident, and its consequences, we provide a timeline of the events related to the failed CrowdStrike update, which caused many computers to experience the dreaded blue screen of death (BSOD). We will analyze the impact across various industries and regions, as well as the measures taken before and after the incident. We will also explain the attacks that exploited the vulnerability in the affected Windows systems.
Response and Recovery
Immediate Measures and Resilience Improvement
CrowdStrike launched a series of updates and temporary solutions to mitigate the issues. Performance monitoring of the sensor and system was enhanced, and detailed instructions were provided to customers to resolve the problems.
CrowdStrike published a report outlining measures to prevent future incidents, including:
- Rapid Response Content Testing: Implementation of more rigorous testing, such as stress testing, fuzzing, and fault injection.
- Additional Validation: Adding extra checks to the Content Validator.
- Improved Error Handling: Enhancing error handling in the Content Interpreter.
- Staggered Implementation: A gradual deployment strategy for content updates.
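The four measures above (pre-release validation, safer error handling in the interpreter, and a staged rollout that halts on trouble) fit together into one pipeline. The following Python is an added example written for this page; it is not CrowdStrike's code and does not reflect the real sensor's file format. The record layout (a fixed field count), the health probe and the failure-rate threshold are hypothetical, and the host rings and update files are constructed sample data:

```python
"""Added illustrative example (not CrowdStrike's code): validate a content
update, interpret it without faulting on bad records, and deploy it ring by
ring, halting before the next ring if the current one becomes unhealthy."""
from dataclasses import dataclass
from typing import Callable

EXPECTED_FIELDS = 4       # hypothetical: fields the interpreter expects per record
MAX_FAILURE_RATE = 0.01   # hypothetical: halt if more than 1% of a ring fails


@dataclass
class ContentUpdate:
    version: str
    records: list  # list of records, each a list of string fields


class ValidationError(ValueError):
    """Raised when a content file must not leave the release pipeline."""


def validate(update: ContentUpdate) -> None:
    """Content Validator stand-in: reject malformed files before any host sees them."""
    if not update.records:
        raise ValidationError("empty content file")
    for i, rec in enumerate(update.records):
        if len(rec) != EXPECTED_FIELDS:
            raise ValidationError(
                f"record {i}: expected {EXPECTED_FIELDS} fields, got {len(rec)}")
        if any(f == "" for f in rec):
            raise ValidationError(f"record {i}: empty field")


def is_valid(update: ContentUpdate) -> bool:
    """Boolean wrapper around validate() for callers that just need a verdict."""
    try:
        validate(update)
        return True
    except ValidationError:
        return False


def interpret(update: ContentUpdate) -> int:
    """Content Interpreter stand-in with defensive error handling: a record that
    is shorter than expected is skipped and counted rather than read past its end.
    Returns the number of skipped records."""
    skipped = 0
    for rec in update.records:
        try:
            _ = rec[EXPECTED_FIELDS - 1]  # bounds-checked access to the last field
        except IndexError:
            skipped += 1
    return skipped


def staged_rollout(update: ContentUpdate, rings: list,
                   health_probe: Callable[[str, ContentUpdate], bool],
                   max_failure_rate: float = MAX_FAILURE_RATE) -> tuple:
    """Deploy ring by ring (smallest ring first) and promote only while the
    current ring stays healthy. Returns (rings_completed, halted)."""
    validate(update)  # fail closed before a single host is touched
    completed = 0
    for ring in rings:
        failures = sum(0 if health_probe(host, update) else 1 for host in ring)
        if failures / len(ring) > max_failure_rate:
            return completed, True  # later rings never receive this file
        completed += 1
    return completed, False


# Constructed sample data (hypothetical hosts and files).
RINGS = [["canary-1", "canary-2"],
         ["fleet-a-1", "fleet-a-2", "fleet-a-3"],
         ["fleet-b-1", "fleet-b-2", "fleet-b-3", "fleet-b-4"]]
GOOD = ContentUpdate("v1", [["a", "b", "c", "d"], ["e", "f", "g", "h"]])
MALFORMED = ContentUpdate("v2", [["a", "b", "c", "d", "e"]])  # one field too many
CRASHY = ContentUpdate("v2-crash", [["a", "b", "c", "d"]])   # passes validation, fails in the field


def always_healthy(host: str, update: ContentUpdate) -> bool:
    return True


def crashes_on_v2(host: str, update: ContentUpdate) -> bool:
    """Hypothetical probe: every host loaded with v2-crash fails its health check."""
    return update.version != "v2-crash"


if __name__ == "__main__":
    print("good update:", staged_rollout(GOOD, RINGS, always_healthy))
    print("malformed file passes validator:", is_valid(MALFORMED))
    print("crashy update:", staged_rollout(CRASHY, RINGS, crashes_on_v2))
    print("records skipped by interpreter:", interpret(ContentUpdate("x", [["a", "b"]])))
```

The point of the ordering is that each layer catches what the previous one cannot: the validator stops files that are structurally wrong, the interpreter survives a file that is structurally right but semantically bad, and the ring gate limits how many hosts a file that passes both can reach before telemetry stops it.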
Microsoft blames the EU
Microsoft attributed the outage in part to the European Union, arguing that a 2009 agreement with the European Commission prevented it from making the security changes it considered necessary, in particular from restricting third-party access to the Windows kernel. According to Microsoft, that agreement obliged it to allow multiple security vendors to run at kernel level, which contributed to the scale of the failure.