Microsoft lays blame at CrowdStrike’s door for global outage

Microsoft’s cloud unit said it was currently investigating potential options its customers can take for mitigation

by Gulf Business with Reuters
July 19, 2024

Update: Microsoft has attributed the cause of the global outage to a CrowdStrike update.

In an updated emailed statement to Gulf Business, Microsoft UAE said, “Earlier today, a CrowdStrike update was responsible for bringing down a number of IT systems globally. We are actively supporting customers to assist in their recovery.”

The statement comes after Microsoft’s cloud unit Azure said on Friday “it was aware of the issue that impacted virtual machines running the Windows OS and the CrowdStrike Falcon agent getting stuck in a ‘restarting state,’” amid an ongoing global outage.

The unit said it was currently investigating potential options its customers can take for mitigation, reported Reuters.

“We’re investigating an issue impacting users’ ability to access various Microsoft 365 apps and services. More info posted in the admin center under MO821132 and on https://t.co/W5Y8dAkjMk” — Microsoft 365 Status (@MSFT365Status) July 18, 2024

Microsoft 365’s admin centre’s latest update said users may be unable to access various Microsoft 365 apps and services. It added that “users may notice some relief as we continue to mitigate the impact.”

What’s down

As per the latest notification for users, Microsoft said the impacted services may include but are not limited to the following:

– PowerBI: Users may notice that their service is in read-only mode while we address impact.
– Microsoft Fabric: Users may notice that their service is in read-only mode while we address impact.
– Microsoft Teams: Users may be unable to leverage Microsoft Teams functions including presence, group chats, and user registration.
– Microsoft 365 admin center: Admins may be intermittently unable to access the Microsoft 365 admin center and any action may be delayed if accessible.

What’s back up

It added that its internal telemetry and customer signals indicate that the following services were recovered:

– Microsoft Defender
– Microsoft Defender for Endpoint
– Microsoft Defender Experts
– Microsoft Intune
– Microsoft OneNote
– OneDrive for Business
– SharePoint Online
– Windows 365
– Viva Engage
– Microsoft Purview

Along with the status update, the admin centre’s notification read: “We’re continuing to see an improvement in service availability across multiple Microsoft 365 apps and services. We’re closely monitoring our telemetry data to ensure this upward trend continues as our mitigation actions continue to progress.”

Cybersecurity experts react to global outage

Meanwhile, regional cyber security experts are starting to weigh in on Friday’s events.

“This Microsoft IT outage demonstrates the need for more robust and resilient solutions so that when these issues do arise, they can be resolved quickly without causing such widespread customer chaos and security risk,” said Mark Jow, Security Evangelist EMEA at Gigamon.

“Preparedness is key – every IT and security vendor must have a robust system in place across its software development lifecycle to test upgrades before they are rolled out to ensure that there are no security flaws within the updates,” Jow added.

Reacting to the global outage, James Maude, Field CTO, BeyondTrust said, “It appears an update from CrowdStrike causes the Windows OS to crash, creating global IT systems outages that have impacted almost every industry.
Impacted systems present users with the dreaded “Blue Screen of Death” (BSOD), and in the worst cases, users are stuck in a crash and reboot loop.”

“The fix appears to require physical intervention to rename or remove the update file which is responsible, making the recovery process time consuming and complicated for remote systems.”

Maude added, “While any piece of software can be unstable or have bugs, it is particularly an issue for security vendors such as CrowdStrike, as they have a very deep integration into the operating system in order to monitor and protect the endpoint.”

“This means that any bugs or instability can cause the entire operating system to crash which appears to be what we have unfortunately experienced in the past 24 hours.”

The Microsoft-CrowdStrike outage is expected to be one of the biggest-ever IT outages in the world and the fallout is yet to follow.

Darren Anstee, chief technology officer for Security, NETSCOUT, said, “There will, undoubtedly, be a huge fall out from this, with a lot of questions set to be raised around how to balance the need for regular security updates for defence, and compliance, with the risk of applying unqualified updates to systems.”

Tesla and X boss Elon Musk has called today’s outage the “biggest IT fail ever”, with initial estimates putting the number of cancelled flights at 1,400 and other industries such as banking, payment systems and government systems going down as well.

Alexey Lukatsky, managing director, Cybersecurity Business Consultant, Positive Technologies said, “This incident shows us how firmly information technologies have become embedded in people’s lives and in various business processes, and how catastrophic the consequences of an accidental or unauthorised, malicious impact on the IT infrastructure can be.
“That is, in other words, businesses are faced with the task of assessing those non-tolerable events with catastrophic consequences that can occur in their activities due to the impact on the IT infrastructure.”