
A software update pushed by cybersecurity firm CrowdStrike knocked 8.5 million Windows devices offline, which is less than one percent of machines relying on the operating system, Microsoft said. The Redmond giant also released a tool to help recover affected computers.
Despite the small percentage of impacted Windows clients and servers, the update caused widespread outages worldwide, affecting banks, airlines, healthcare, and other strategic sectors.
“While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services,” Microsoft said in a blog post. “CrowdStrike's update affected 8.5 million Windows devices.”
To help IT admins expedite the repair process, Microsoft has released a recovery tool.
Both repair options produce bootable media that admins can use to repair affected devices quickly. The first option recovers the system from Windows PE (WinPE) and does not require local admin privileges; however, if BitLocker or another disk-encryption solution is in use, the BitLocker recovery key may need to be entered.
The second option boots the system into safe mode and may allow recovery without entering the BitLocker recovery key.
The tech giant also deployed hundreds of engineers and experts to work directly with customers to restore services.
“This incident demonstrates the interconnected nature of our broad ecosystem — global cloud providers, software platforms, security vendors and other software vendors, and customers. It’s also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist,” Microsoft said.
CrowdStrike is also testing a new technique to accelerate impacted system remediation.
“We’re in the process of operationalizing an opt-in to this technique. Customers are encouraged to follow the Tech Alerts for the latest updates as they happen, and they will be notified when action is needed,” the company said.
CrowdStrike warns that adversaries and bad actors try to exploit events like this. Suspicious domains have already emerged as threat actors attempt to use the outage to scam enterprises through social engineering attacks.
Dark Web Intelligence (@DailyDarkWeb) posted on July 19, 2024: “🚨 Suspicious Domains Emerged After Faulty #CrowdStrike Update. Following the CrowdStrike update issue, threat actors began to register fake domains in an attempt to use the outage to target enterprises through social engineering attacks. Some of these domains are already…” https://t.co/XGU3Agm8fm
CrowdStrike also observed threat actors distributing malicious “hotfixes” in the form of ZIP archives carrying the HijackLoader payload; this campaign targeted CrowdStrike customers based in Latin America.
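The fake domains and "hotfix" lures described above are the kind of thing a security team can triage mechanically. The following Python script is an added example, not code from the article, from CrowdStrike or from Dark Web Intelligence. It takes a constructed list of candidate hostnames, treats crowdstrike.com as the only official registrable domain (an assumption made for this example), and flags hosts that embed the brand name, embed it with common character substitutions, or whose second-level label sits within a small edit distance of it. The substitution table, the edit-distance threshold and the sample domains are all assumptions for illustration, and the registrable-domain split does not consult the public suffix list.

```python
"""Triage candidate hostnames for CrowdStrike lookalikes (added example, not the vendor's code)."""
import re

# Assumption for this example: the only legitimate registrable domain.
OFFICIAL_DOMAINS = {"crowdstrike.com"}
BRAND = "crowdstrike"

# Common typosquat substitutions mapped back to the letter they imitate.
# Assumption: a small illustrative table, not an exhaustive confusables list.
SUBSTITUTIONS = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"),
                 ("3", "e"), ("5", "s"), ("7", "t")]

# Edit distance at or below this value is treated as a typosquat (assumption).
MAX_EDIT_DISTANCE = 2

# Constructed sample input resembling what a newly-registered-domain feed might yield.
SAMPLE_DOMAINS = [
    "https://support.crowdstrike.com/",
    "crowdstrike-hotfix.com",
    "crowdstrlke.com",
    "cr0wdstrike-support.net",
    "crowdstrike.com.evil-login.net",
    "example.org",
]


def normalize_host(value):
    """Lowercase, strip any scheme, path and port, and drop a trailing dot."""
    value = value.strip().lower()
    value = re.sub(r"^[a-z][a-z0-9+.-]*://", "", value)
    value = value.split("/", 1)[0].split(":", 1)[0]
    return value.rstrip(".")


def registrable_domain(host):
    """Last two labels. Assumption: no public suffix list, so co.uk-style suffixes are not handled."""
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def fold_substitutions(text):
    """Undo the character substitutions attackers use to dodge simple string matches."""
    for fake, real in SUBSTITUTIONS:
        text = text.replace(fake, real)
    return text


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(value):
    """Return 'official', 'unrelated', or a 'lookalike: ...' reason for a hostname."""
    host = normalize_host(value)
    reg = registrable_domain(host)
    if reg in OFFICIAL_DOMAINS:
        # Allowlisting by registrable domain keeps legitimate subdomains green
        # while still flagging crowdstrike.com.<attacker-domain> below.
        return "official"
    if BRAND in host:
        return "lookalike: brand name embedded"
    if BRAND in fold_substitutions(host):
        return "lookalike: brand name with substituted characters"
    sld = reg.split(".")[0]
    distance = edit_distance(fold_substitutions(sld), BRAND)
    if distance <= MAX_EDIT_DISTANCE:
        return f"lookalike: edit distance {distance} from '{BRAND}'"
    return "unrelated"


def triage(domains):
    """Map each candidate hostname to its classification."""
    return {d: classify(d) for d in domains}


if __name__ == "__main__":
    for domain, verdict in triage(SAMPLE_DOMAINS).items():
        print(f"{domain:40} {verdict}")
```

The order of checks matters: the allowlist is applied to the registrable domain first, so `crowdstrike.com.evil-login.net` is not rescued by its leading labels, and the substring tests run on the full host so that a brand name hidden in a subdomain is still caught. Anything flagged here is only a lead; confirming that a domain is malicious still takes registration data, hosting and content analysis.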
“I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates,” said George Kurtz, CrowdStrike Founder and CEO.