Frequently Asked Questions Following the 19th July 2024 Global IT Outage
Category: News
Published: 22nd July 2024
What caused the outage?
The global IT outage of 19 July 2024 occurred when CrowdStrike released a sensor configuration update to Windows systems. The update triggered a logic error that caused a system crash and a ‘blue screen of death’ (BSOD) on affected systems.
Who are CrowdStrike?
Founded in 2011, CrowdStrike had been immensely successful up until this outage. The scale of the outage demonstrates just how widely used their technology is. It is widely regarded as the gold standard in Endpoint Detection & Response (EDR). EDR tools are used to block hackers and malware on endpoint devices (phones, laptops etc.).
Who is George Kurtz?
George Kurtz is president and CEO of CrowdStrike. He founded the anti-virus software company Foundstone in 1999, before selling it to McAfee in 2004 and staying on as CTO. In 2009, he authored “Hacking Exposed: Network Security Secrets & Solutions,” a best-selling cyber-security book. He went on to found the company CrowdStrike and has been at the centre of this outage, apologising publicly on Sky News the day of the outage.
Could it happen again?
No one can predict the future, but the likelihood of CrowdStrike pushing out a defect such as this again is extremely slim. In an email sent to customers and partners on the day of the outage, the CEO of CrowdStrike, George Kurtz, stated: “As we resolve this incident, you have my commitment to provide full transparency on how this occurred and steps we’re taking to prevent anything like this from happening again.”
Software companies across the globe are no doubt reviewing their release management processes and dedicating additional resources to these departments.
Were CrowdStrike subject to a cyber-attack?
Throughout the outage and in the days that followed, CrowdStrike have stated categorically that “This was not a security or cyberattack”. While there may be some scepticism around this assertion, the speed with which the problem was identified and a fix issued suggests that this was indeed a faulty update rather than a cyberattack.
Is everything fixed now?
The sensor configuration update that caused the system crash was remediated on Friday, July 19, 2024, 05:27 UTC. This means that the team at CrowdStrike found the problem and issued the fix, but it does not mean the affected systems are fixed. There was still a series of steps that needed to be followed to resolve the problem on each machine. Therein lies the issue: each affected machine needed to be fixed manually. We published the steps that needed to be taken here. While not complex, the solution required minutes of work per machine by an IT professional. When this is scaled up to all affected machines, it is clear why the fix is taking days, not minutes.
There is talk about cyber-attacks following this issue, what do I need to know?
Cyber agencies in the UK and Australia have urged caution against fake emails, calls, and websites posing as official. CrowdStrike’s CEO, George Kurtz, advised users to verify that they are communicating with official representatives before downloading fixes. SecureWorks researchers have noted a rise in CrowdStrike-themed domain registrations by hackers. You therefore need to be extra careful.
IT managers in particular should be cautious, as they will be the prime targets. While IT managers will be aware of all the most common phishing red flags, it is important to be extra careful after what will no doubt have been a busy few days, when IT professionals worldwide are tired and naturally more vulnerable.
CrowdStrike Customer Questions
The following questions are provided to help CrowdStrike customers who have been affected most directly.
I’m still struggling to get systems operational. What should I do?
CrowdStrike are providing continuous updates through their Support Portal at https://supportportal.crowdstrike.com/s/login/. We are also publishing the latest advice on our website here: https://www.redhelix.com/media/crowdstrike-update/ should you have trouble accessing the portal.
If you subscribe to a managed service such as those offered by Red Helix, you should contact your service provider. We had all our affected customers operational again within the working day on Friday and you should have received the same level of support from your provider.
Am I less secure following this issue?
No. The issue has been identified and resolved, and CrowdStrike have categorically stated that it was not a security or cyberattack. The issue has not made the solution less secure, and your Endpoint Detection & Response (EDR) tool will be working as before. There will likely be an increase in activity from cyber criminals following this global IT outage, so your security tools will be more important than ever.
Will I be compensated?
This will depend on the terms and conditions of your contract. CrowdStrike’s standard terms and conditions limit liability to fees paid. Unless you negotiated other terms, your first port of call will be your cyber insurance provider.
Should I implement a different EDR tool?
That is up to you. At Red Helix, we work to bring the very best tools to small and medium-sized enterprises so that they too can benefit from the same tools as the very largest and most secure companies. The scale of the outage highlights how popular CrowdStrike’s products are. They are market leading for a reason and are arguably the company least likely to suffer such an issue again. CrowdStrike have said they will provide full transparency on the steps they’re taking to prevent anything like this from happening again.