This Saturday, July 20, Microsoft announced that around 8.5 million devices with Windows operating system were affected by a global failure that occurred last Friday 19. The failure, less than 1% of the total number of Windows devices in the world, was caused by a bug in the Falcon antivirus of the cybersecurity company CrowdStrike, according to estimates made together with Amazon and Google.
The problem arose due to a faulty update of CrowdStrike's Falcon Sensor software, which generated a logic error on all devices running Windows 7.11 or higher versions. This error triggered the appearance of the “Blue Screen of Death” (BSOD), especially in developed countries.
Microsoft indicated on its blog that it met with CrowdStrike, Google Cloud Computing (GCP) and Amazon Web Services (AWS) to develop a scalable solution to the problem. However, so far, restoring to the previous version of the Falcon platform must be done manually by turning on Windows in security mode and deleting the files responsible for the error. This process could require up to 15 system restarts.
Full restoration of normal security systems could take days or even weeks, according to technology experts. Although only a small fraction of the world's computers were affected, the outage also impacted cloud platforms serving thousands of businesses and other critical points of global infrastructure, significantly affecting the population.
CrowdStrike's Falcon software, an advanced cybersecurity solution that uses artificial intelligence to detect threats the same day it is created, is known for its high efficiency and high cost, which can be ten times that of a conventional antivirus. This high price limits its access in countries such as Brazil and others in Latin America, being more common in large companies and critical entities.
Among the most notorious victims in Brazil are banks such as Bradesco, Neon and Next, the airline Azul, the Hospital de Clínicas de São Paulo and energy distributors. Abroad, the impact was even greater. Of the more than 110,000 commercial flights scheduled for Friday, around 5,000 were canceled, affecting airports and airlines in the United States, Europe, Asia and Oceania. In China, the impact was minimal due to restrictions on U.S. platforms.
In Spain, the failure affected critical services such as Aena airport services, health services such as Osakidetza, and banking services such as Visa, Bizum and Caja Rural. The London Stock Exchange also experienced problems, as well as other services in countries such as the United States and Australia. The DownDetector platform reported problems in services such as Microsoft 365, Microsoft Store, Microsoft Azure, and social networks such as Instagram and Spotify.
Throughout Friday afternoon, the situation improved thanks to the work of CrowdStrike, which released a patch to resolve the issue. George Kurtz, CEO of CrowdStrike, assured that the flaw was not due to a security breach, but to a “specific flaw in the recent update”. Despite this, CrowdStrike shares suffered a significant drop as investors reacted to the potential long-term implications of the incident.
This event highlights the vulnerability of critical systems to failures in software updates and the importance of having robust protocols in place for managing cybersecurity incidents, ensuring rapid recovery and minimizing impacts to vital infrastructure globally.
