San Francisco, NFPost: These are the first real numbers released by either Microsoft or CrowdStrike around the scale of yesterday’s outage, which was caused by an update to CrowdStrike’s cybersecurity software that led Windows machines to crash. (Mac and Linux devices were not affected.)
Microsoft admitted that 1% of its hardware, around 8.5 million devices, were affected due to an update of software from independent cybersecurity company CrowdStrike. It is interesting to note that Mac and Linux devices were not affected.
In a statement, Microsoft Enterprise and OS Security Vice President David Weston said a software update that began impacting IT systems globally.
“Although this was not a Microsoft incident, given it impacts our ecosystem, we want to provide an update on the steps we’ve taken with CrowdStrike and others to remediate and support our customers. Since this event began, we’ve maintained ongoing communication with our customers, CrowdStrike and external developers to collect information and expedite solutions,” said Microsoft Enterprise and OS Security Vice President David Weston.
The official also said the company recognises the disruption the problem has caused for businesses and in the daily routines of many individuals. David Weston also said Microsoft focuses on providing customers with technical guidance and support to safely bring disrupted systems back online. Steps taken have included:
- Engaging with CrowdStrike to automate their work on developing a solution. CrowdStrike has recommended a workaround to address this issue and has also issued a public statement. Instructions to remedy the situation on Windows endpoints were posted on the Windows Message Center.
- Deploying hundreds of Microsoft engineers and experts to work directly with customers to restore services.
- Collaborating with other cloud providers and stakeholders, including Google Cloud Platform (GCP) and Amazon Web Services (AWS), to share awareness on the state of impact we are each seeing across the industry and inform ongoing conversations with CrowdStrike and customers.
- Quickly posting manual remediation documentation and scripts found here.
- Keeping customers informed of the latest status on the incident through the Azure Status Dashboard here.
Microsoft is working around the clock and providing ongoing updates and support. Additionally, CrowdStrike has helped Microsoft develop a scalable solution that will help Microsoft’s Azure infrastructure accelerate a fix for CrowdStrike’s faulty update. Microsoft also claims that they have also worked with both AWS and GCP to collaborate on the most effective approaches.
“While software updates may occasionally cause disturbances, significant incidents like the CrowdStrike event are infrequent. We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices, or less than one percent of all Windows machines. While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services,” said Microsoft Enterprise and OS Security Vice President David Weston.
According to Arvian Consulting, this incident demonstrates the interconnected nature of broad ecosystem — global cloud providers, software platforms, security vendors and other software vendors, and customers.
“It’s also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist,” said Arvian Consulting.
As Microsoft has seen over the last two days, the company learns, recovers and move forward most effectively when it collaborate and work together. “We appreciate the cooperation and collaboration of our entire sector, and we will continue to update with learnings and next steps,” states Microsoft.
