Recently, a massive CrowdStrike IT outage caused chaos across the world when an update failure disabled Windows for millions of Microsoft users, resulting in what is now the infamous blue screen of death (BSOD).
What was the Crowdstrike update failure?
On the 19th July 2024, a faulty update by security vendor Crowdstrike triggered one of the largest IT outages in history, affecting millions of Windows systems around the world.
The CrowdStrike Falcon platform, used by Microsoft to manage security risks, released a configuration update that contained an error. This caused around 8.5 million Windows devices to crash, including systems responsible for critical operations such as airlines, healthcare providers, financial institutes, news and media outlets and public transport providers.
Whilst Crowdstrike rectified the error and issued a fix shortly after, the recovery time for all these failed systems was time consuming and problematic, resulting in loss of operation and business, and costing industries billions.
Who is CrowdStrike?
CrowdStrike Holdings, Inc. is a global cybersecurity technology company that provides endpoint security, threat intelligence, and cyberattack response services to companies including Amazon Web Services, Microsoft, eBay and Visa, as well as several US state governments.
What is the Blue Screen of Death (BSOD)?
The Blue Screen of Death (BSOD) is a critical error message shown by Microsoft Windows when the operating system experiences a severe system failure. It appears when the system can no longer function properly, typically due to hardware malfunctions, driver problems, or other serious issues.
While not all organisations rely on Crowdstrike platform for cybersecurity, the incident highlighted the vital importance of robust software updates, something that is of concern to all enterprises, regardless of size.
It also demonstrates that customers must be able to trust their vendors and the reliability of their updates. A failed update can have dire consequences on a business’s ability to provide continuous services. Its reputation is at risk should their systems fail.
WithSecure understands this. For over 30 years, WithSecure has been delivering updates and knows from experience that the quality of its updates is as important to their reputation as it is to their clients.
Find out how WithSecure ensures the quality of updates here.
What does WithSecure say
No testing process can account for every possible scenario. With tens of millions of applications available for Microsoft Windows alone, it would be impractical for WithSecure to test them all. These applications vary widely, from simple desktop utilities with a relatively low risk of compatibility issues to complex, potentially high-risk applications that may include components like kernel drivers.
In addition, some of these applications may be proprietary, and unavailable to WithSecure in any form.
- We will never claim that our processes and practices are foolproof. We have made mistakes in releases over our long existence, but we have taken lessons from these. We continuously look to see if we can make improvements to the processes, and as a result we have not released any significantly faulty and wide-ranging update since 2009.
- We have, however, had releases which are incompatible with third-party applications that we simply cannot catch internally before release. The most recent case was in 2022 when one of our releases had a bug triggered by a third-party driver that we did not have access to, but some of our customers did have. Only a small number of customers was affected, and we fixed the issue in the very next release, and updated our processes to suit.
- While WithSecure endeavours to catch as many of these issues as possible in our testing strategy, it is unfortunately inevitable that some issues may not be caught. We do however aim to minimize the severity of any issues, and we can and do revise our processes and practices as we react to issues found.
A good Change Management process is essential in providing control and quality in development tasks. Quality control is a mandatory step in all aspects of our software development here at WithSecure, and we are always looking into ways we can make our own processes better. We’re really good already, but there’s no space for complacency.
Our company vision states “We envision the future where no one should experience a serious loss or be put out of business because of cyber attack or crime. At least no one who puts their trust in us.” Part of this is ensuring that those who put their trust in us have a service they can rely on, and a robust solution with quality tested updates is a very important part of that.