How a Software Update Brought Down Millions of Windows Computers
Understanding the Catastrophic Software Update That Disrupted the Global Economy as a Programmer
If you turned on your computer yesterday and found your Windows computer displaying the infamous Blue Screen of Death (BSOD), you’re not alone. On July 19, 2024, millions, if not billions, of Windows computers were effectively bricked worldwide due to a software update pushed by the enterprise cybersecurity firm CrowdStrike. The fallout has been nothing short of catastrophic, impacting airports, hospitals, and even financial institutions. Ironically, the very cybersecurity firm meant to protect us from digital threats ended up causing a disruption that hackers could only dream of.
In today’s post, we’ll explore the technical side of this disaster and uncover how such a huge mistake could occur in our modern, tech-driven world.
Exclusive content for passionate programmers! Subscribe to our newsletter for latest in tech, tips, hacks, and advice that will transform your coding journey.
Yesterday, countless work computers across the globe stopped functioning, causing widespread chaos. CrowdStrike, a leading name in cybersecurity with over 500 clients on the Fortune 1000 list, found itself at the center of this disaster. Their flagship product, Falcon, is famous for providing endpoint protection using AI and analytics to detect threats in real-time. However, a recent update to Falcon’s sensor led to this unusual outage.
To understand why this happened, we need to delve into how CrowdStrike’s Falcon sensor operates. It’s installed like regular software, Falcon integrates deeply with the operating system, often using kernel mode drivers. These drivers sit quietly in the background, monitoring for anomalies, collecting telemetry data, and producing reports. However, this low-level integration means that if something goes wrong, the entire system can fail — which is what happened here.
An automated software update containing incorrect code was pushed out, and every computer that received this update was rendered unworkable the next day. This wasn’t just a regular outage — each affected computer needed to be rebooted in fail mode to manually remove the problematic driver.
The consequences were immediate and severe. The London Stock Exchange faced disruptions, many Indian airports had to revert to writing boarding passes by hand, and numerous other critical systems were brought to a standstill. CrowdStrike was quick to clarify that this was not a cyberattack, but rather an internal error. They also expedited a fix, which is a piece of cake:
- Detach the operating system disk.
- Create a snapshot or backup of the disk.
- Mount the volume to a new virtual server.
- Navigate to the “WINDIR” driver’s directory.
- Locate and delete the file “c-00000291.sys”.
- Detach the volume from the new virtual server.
- Reattach the fixed volume to the impacted virtual server.
Alternatively, another much more easier way is to head to Home Depot, buy a sledgehammer, and use it to uninstall Microsoft Windows permanently, and install Linux instead.
Vincent Flibustier, a programmer at the company, is the only one behind this disaster. His code caused enormous trouble, not a team of programmers or the entire company — just one and only programmer. After his code wreaked havoc on the system, he was immediately fired by the company. He claims he was unfairly fired for changing just one line of code. Which highlights both the power of a programmer and the fragility of programming.
But why was it unfair to fire him, you might ask? Well, it was indeed unfair because he changed the line, and his code passed through all the tests and security checks. Only when it was merged, it brought the entire system to its knees, which arguably couldn’t have been entirely his fault.
Thank you for reading! If you enjoyed this article and want to stay updated on the latest in tech Follow Me for more. 🚀
Don’t forget to subscribe to my exclusive newsletter for My Audience: 👇
— You can follow me on X (formerly Twitter) or LinkedIn as well, where I’ll share short and incredible stuffs out there, so don’t miss those. 🚀