This deeper access also increases the risk that security software (and its updates) will crash the entire system, says Matthieu Suiche, head of detection engineering at Magnet Forensics, a security firm. He likens running malware detection software on an operating system’s kernel to “open-heart surgery.”
Still, it’s surprising that a kernel driver update could cause such a massive global computer outage, says Costin Raiu, who worked for 23 years at Russian security software company Kaspersky and led its threat intelligence team before leaving the company last year. During his years at Kaspersky, he says, driver updates for Windows software were closely scrutinized and tested for weeks before being released.
More importantly, such updates also have to be verified and cryptographically signed by Microsoft, suggesting that Microsoft may have also missed the CrowdStrike Falcon driver bug that triggered this outage. “It’s surprising that with the extreme focus on driver updates, this happened,” Raiu says. “A simple driver can crash everything. That’s what we saw here.”
Microsoft did not respond to requests for comment on whether it is monitoring the updates and whether the Azure outage is related to the CrowdStrike situation. However, a Microsoft spokesperson said that “the CrowdStrike update was responsible for the outage of a number of IT systems around the world.”
Raiu adds that even so, CrowdStrike is far from the only security firm to trigger Windows crashes with a driver update. Kaspersky updates and even Windows’ built-in antivirus software, Windows Defender, have caused similar crashes. “There have been crashes in the last few years,” he notes. “Every security solution on the planet has had its CrowdStrike moments,” Raiu says. “This is nothing new, except the magnitude of the event.”
Cybersecurity authorities around the world have issued warnings about the disruption, but have also been quick to rule out malicious activity by hackers. “The NCSC does not assess these incidents as being caused by malicious cyberattacks,” said Felicity Oswald, CEO of the UK’s National Cyber Security Centre. Australian officials have come to the same conclusion.
Nevertheless, the impact has been significant and dramatic. Outages have proliferated around the world as businesses, government agencies and IT teams race to fix stranded machines, which involves manually walking each machine through a series of corrective steps, including rebooting. In the UK, Israel and Germany, health services and hospitals have seen the systems they use to communicate with patients disrupted, and some appointments have been cancelled. In the US, emergency services that use 911 have also reportedly had problems with their lines. In the early hours of the outages, some TV channels, including Sky News in the UK, stopped broadcasting live news.
Global air travel has been one of the hardest-hit sectors so far. Huge queues have formed at airports around the world, with one airport in India using handwritten boarding passes. In the US, Delta, United and American Airlines have suspended all flights at least temporarily, with a dramatic graphic showing air traffic dropping over the United States.