CrowdStrike IT outage affected 8.5 million Windows devices, Microsoft says

Recently, a significant IT outage affected a staggering 8. 5 million Windows devices globally, according to Microsoft. This incident marks the first time a specific number has been reported regarding the impact of this outage, which continues to create challenges for users worldwide. The root of the problem lies with CrowdStrike, a cybersecurity firm that inadvertently distributed a faulty software update to its extensive customer base. Microsoft, which is actively assisting customers in recovering from this issue, stated in a blog post that 'we currently estimate that CrowdStrike’s update affected 8. 5 million Windows devices. ' David Weston, the vice-president of enterprise and OS at Microsoft, noted that while this number represents less than 1% of all Windows machines globally, the broader economic and societal implications are significant, given that many critical services rely on CrowdStrike's technology. Microsoft has the capability to accurately track the number of devices impacted by the outage due to its performance telemetry, which monitors internet connections. The tech giant emphasized that this incident was not a failure of its own software, but rather a reminder of the necessity for companies like CrowdStrike to implement rigorous quality control measures on updates before they are released. Mr. Weston further remarked, 'It’s also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist. ' The fallout from this IT glitch has been immense, and it is already being classified as one of the worst cyber incidents in history. The figure provided by Microsoft suggests that this may be the largest cyber event ever recorded, surpassing all previous hacks and outages. The closest comparable incident is the WannaCry cyber-attack in 2017, which is estimated to have impacted around 300,000 computers across 150 countries. Following that, there was another disruptive attack known as NotPetya just a month later. Additionally, a major six-hour outage occurred in 2021 at Meta, the parent company of Instagram, Facebook, and WhatsApp, but that incident was largely confined to the social media giant and its associated partners. The scale of this outage has also led to warnings from cybersecurity experts and agencies worldwide about a potential surge in opportunistic hacking attempts linked to the IT failure. Cybersecurity agencies in the UK and Australia are advising individuals to remain vigilant against fraudulent emails, phone calls, and websites that may impersonate official sources. CrowdStrike's CEO, George Kurtz, urged users to ensure they are communicating with legitimate representatives from the company before downloading any fixes. 'We know that adversaries and bad actors will try to exploit events like this,' he stated in a blog post. It is common for hackers to adjust their tactics in response to major news events, particularly those related to technology, as they seek to exploit the fear and uncertainty that often accompany such situations. Researchers at Secureworks have reported a notable increase in domain registrations that appear to be associated with CrowdStrike, indicating that hackers are creating new websites designed to look official in order to deceive IT managers or the general public into downloading malicious software or divulging sensitive information. Cybersecurity agencies around the globe have urged IT responders to rely solely on CrowdStrike's official website for information and assistance. This guidance is particularly crucial for IT managers who are directly affected as they work to restore their organizations' online operations. However, individuals may also be targeted, prompting experts to advise everyone to remain hyper-vigilant and to act only on information sourced from official CrowdStrike channels.