Yash Chudasama

CrowdStrike disrupted the entire world


On an ordinary Friday in July 2024, CrowdStrike disrupted the entire world.

This is the story of how it happened👇

It began at 04:09 UTC when they released an update to their Falcon security platform.

This update, specifically targeting Windows systems, was designed to enhance protection against emerging threats.

Its job was to modify Channel File 291, the configuration component that tells the sensor how to monitor named pipes.

However, hidden inside this update was a critical flaw.

As the update spread across the globe, affecting Falcon sensors version 7.11 and above, chaos ensued.

One by one, Windows machines began to crash.

Screens turned into the dreaded blue of a system failure.

IT departments worldwide were thrown into disarray.

Employees arriving at work found their computers unresponsive.

System administrators couldn’t understand the sudden wave of crashes.

The common denominator quickly became apparent:

CrowdStrike’s Falcon software.

For 1 hour and 18 agonizing minutes, the problem persisted.

CrowdStrike’s team worked feverishly to identify and correct the issue.

At 05:27 UTC, they released a fix, but for many, the damage was done.

In the aftermath, the problem became clear.

The problematic file, Channel File 291, had wreaked havoc from its hiding place in the Windows system folders.

Despite its .sys extension, it wasn’t a kernel driver but a configuration file gone rogue.

(Contrary to some speculation, the issue was not related to null bytes in the file.)

Recovery efforts began in earnest.

IT professionals booted affected systems into safe mode, deleting the troublesome file.

Gradually, normalcy returned.

But the most important question remained: how had such a critical error slipped through?