The name itself "CrowdStrike" really fits what's happening now.

Maybe, just maybe this is an eye opener for some companies causing them to rethink their IT choices. Maybe the industry will stop using the bloated Windows OS for everything and wiring it all to the internet.
And maybe, Microsoft will see that it should finally start to focus on good coding instead of rushing everything and bloating software with useless features. Maybe just stop with Windows OS entirely, it's just crap anyway. They should put all the energy into making fast working Office applications that DO NOT RELY on cloud servers so much.
Go on then, tell them all to switch. I’m sure there are millions of alternatives out there right? Good luck
 
Interesting way to put it…
 

IT department has one more meeting this morning, where one guy gives the instructions:

1. The most difficult, We all have to stand up…..


:)))
 
I tend to be resistant to most conspiracy theories...but interesting that Crowdstrike stock price began to dive on the 15th.

 
Again, if the "openness" of Windows is at the core of the problem, that's on Microsoft. Microsoft has sold a product to Enterprise that is now obviously vulnerable in a way that never should have happened. That's not just on Crowdstrike, that's on Microsoft.
Again and again. The product in this case IS NOT vulnerable; the "Enterprise" using its Administrator permission decided to install a kernel extension. They should have done an evaluation risk vs benefit. They decided to install. That is.
 
Apple should offer case variants to their Mac mini that makes them great for rack mounting. Don't bother with the polished look, just make them Xserve like and able to be stacked efficiently. But then they would need a good server software....nevermind.
 
But Apple always gets blamed in these forums for things beyond its control. Why does Windows get a pass?
By whom? Windows is just an operating system, IF there's something wrong with Windows, Microsoft is responsible, not Windows. Windows isn't a legal entity, can't be held responsible for anything. Same goes with MacOS and what not, Apple is responsible.

Windows and MacOS are blamed, but that is not the same as being responsible.
 
No, IT down is an enterprise risk, that must be managed by the Risk department. Once that risk is evaluated, a plan has to be defined.
If a company has a Risk department, they first need to be notified of a potential software systems' issue....who does that? The IT department. Then, backup plans would likely include some IT solutions....who does that? The IT department. My guess is that most IT departments never raised the potential issue in the first place for a Risk department to review. Besides, Risk departments often fall back on the advice of subject matter experts anyway.....who is that? The IT department.
 
Again and again. The product in this case IS NOT vulnerable; the "Enterprise" using its Administrator permission decided to install a kernel extension. They should have done an evaluation risk vs benefit. They decided to install. That is.
If the product itself is vulnerable to massive global outages because some coder at a random 3rd party software company inserted rogue code, then we've just seen how vulnerable the entirety of the enterprise system that relies on MS Windows is.

If you're a hacker, you now have a blueprint for taking out much of the global computing infrastructure. You don't have to hack microsoft, you just have to hack any developer who can push an update to a large portion of the installed base that runs windows.

(btw, isn't this the storyline in Independence Day?) ;)
 
If a company has a Risk department, they first need to be notified of a potential software systems' issue....who does that? The IT department. Then, backup plans would likely include some IT solutions....who does that? The IT department. My guess is that most IT departments never raised the potential issue in the first place for a Risk department to review. Besides, Risk departments often fall back on the advice of subject matter experts anyway.....who is that? The IT department.
No sorry, it is the opposite.

Risk starts identifying "what's going on if the IT systems is down?" and after the process to manage the risk starts.
 
Not sure why people are crapping on Microsoft here. The issue is crowdstrike. They have Linux and Mac versions of Falcon sensor too. They just happened to screw up the windows version today and push it to production past everyone’s security controls.

This could be Apple or Linux tomorrow.

apple fanboys hivemind
..kinda sad...
 
They go like just trust us to do the autoupdates. We are the experts and we really really know what we are doing.

Yeah sure you do. You just caused more damage than all malware authors in history combined thereby rendering them redundant.

Yep you sure do know what you are doing!
 
Duh, but it was an automatic update for Crowdstrike.
Yes it was. Crowdstrike being an IT security provider means that their automatic updates are always enabled. These are different from Windows updates which are often paused and then rolled out by IT departments after a testing period. These two things are worlds different and anyone who manages a network of any meaningful size understands the difference.
 
The problem is autoupdates generally.

apple and microsoft have pushed updates which have caused problems in the past - so no point saying trash the windows pc and get mac instead. apple do autoupdates too.

- like ios 8.0.1 which disabled cellular network, not technically bricking but made the iphones inoperable as phones

- and Windows 10 October 2018 Update which deleted files from computer

apple and microsoft pulled them but the damage was done

lots of 3rd party apps do autoupdates too, so it isn’t just crowdstrike

but you need to take control of your devices, disable autoupdates as much as possible and do updates manually, and only when it suits you and not them - and only when you know it is safe to do so
I haven't updated anything on auto since '89. But I sometimes cheat with the "cooldown before hitting enter". I'm presently on Linux and I tend to check first as issues tend to pop up in the forums, before I make the move. If I update straight away, it's on me. Basically it's on me regardless.
 
Don't gloat too much, people. We all know how many tentacles Cupertino has into our/its devices/platforms and it's always possible a similar situation, whether intentional or accidental, could happen to us next time. The software supply chain is a major vulnerability regardless of platform.

Just carry on and hope for the best!
It was only a few months ago when untold thousands of people had their iCloud accounts suddenly lock them out and require resets. I was lucky and resolved it within an hour or so, but I heard people on these forums who were locked out entirely for week of going back and forth with Apple. Not great!
 
No sorry, it is the opposite.

Risk starts identifying "what's going on if the IT systems is down?" and after the process to manage the risk starts.
That is too vague and general. IT is ubiquitous and impacts every single element of operations. It is not actionable to simply ask "what if IT is down". You need to identify scenarios and specific system failures. The standard formula for Risk = probability x consequence. You cannot assess risk without specific knowledge about the systems in question, probability of failure, and the consequence if they do fail. Subject matter experts need to do this work.
 
You may be able to give it a “go ahead”, but you cannot possibly expect system admins to check the code offered by a 3rd party devs.
..but one can possibly expect them to roll out the update by testing it on a representative and limited array of devices before going global. That's pretty valid all down the custody chain. One could easily argue that Crowdstrike must have failed to execute that kind of due diligence, as would end customer sys admins and the lot.
 