What caused the CrowdStrike-Microsoft global tech outage?
HTML-код
- Опубликовано: 13 окт 2024
- A global tech outage Friday grounded planes, sent offices offline and disrupted multiple industries. Cybersecurity firm CrowdStrike says it identified a critical problem in its software and is working to fix the issue. Justin Cappos, professor and cybersecurity expert at New York University's Tandon School of Engineering, joins CBS News to explain what caused the outage and when things could return to normal.
CBS News Streaming Network is the premier 24/7 anchored streaming news service from CBS News and Stations, available free to everyone with access to the Internet. The CBS News Streaming Network is your destination for breaking news, live events and original reporting locally, nationally and around the globe. Launched in November 2014 as CBSN, the CBS News Streaming Network is available live in 91 countries and on 30 digital platforms and apps, as well as on CBSNews.com and Paramount+.
Subscribe to the CBS News RUclips channel: / cbsnews
Watch CBS News: cbsnews.com/live/
Download the CBS News app: cbsnews.com/mo...
Follow CBS News on Instagram: / cbsnews
Like CBS News on Facebook: / cbsnews
Follow CBS News on Twitter: / cbsnews
Subscribe to our newsletters: cbsnews.com/ne...
Try Paramount+ free: paramountplus....
For video licensing inquiries, contact: licensing@veritone.com
I work as IT for a large software dev operation in Australia... PCs started to blue screen at around 3pm... by 4pm every single PC was down in every office in Australia... within 1 hour our team determined it was crowdstrike. Although still silence from Crowdstrike... our 5 man team war roomed and found and tested the fix... rolled out the fix to every 500+ Windows PC, window servers and virtual windows machine... the worst part was fix could not be applied remotely as all workstations was bricked... we had to 1 PC at a time physically in person to apply the our fix... while ours phones was going nuts with people going nuts cuz they can't work... i walked out of office at 12am... no food no breaks as a broken IT Support.... thanks to crowdstrike...
Wow...what can prevent this from happening again?
Similar here in Japan, it was the desktops mainly there were bricked - had to log in Safe mode, type the bitlocker code, remove that update file and reboot, worked all through midnight.
You and your team did a great job. Hope your bosses recognize itl
@@tamjeanellcompanies like cloudstrike are hired so this things don't happen. Don't hire incompetent people. This is a rookie mistake.
Thank God all my servers are on AWS Kubernetes cluster.
The poor underpaid developer and tester will get fired. while their big bosses who imposed impossible deadlines will get away with massive bonuses. How world of IT works
Well if you dont like it...
I'm afraid Your Mostly Rightt ,exept, : companies will bring in a New ,group of Lowest bid ,Not competent ,employees ,and will happen All over again in 3 years
Underpaid developer? Developers have skills and can go elsewhere even if they get fired. It doesn’t pay to stay at an IT job too long unless you are happy with the pay and company. The heads of the company have a lot more to lose with the company potentially not being around in a few years. The owners of companies are assuming the risk and forking out capital to start their business venture and risk losing it all. The employees can just get another job.
Your leftist type thought process is laughable.
* How world of every company works.
So the lowest paid person can cause the greatest damage. We are seconds from the stoneage. If information is erased, so are we. And all digital equipment. Mad Max.
The "blue screen of death" is a standard term for it and has been for decades.
This is a situation where pretty much all their customers are large corporations. Small users didn't get the problem because they don't use the service. Microsoft products are widely used and when they have a problem it becomes known fast. IT admins also know not to implement Windows updates right away but wait a bit in case a problem shows up.
Huh what How... NOO its called der blerr scaann ohh deeff..
There are viruses. Will destroying server farms do anything.?
Devs and QA's: we recommend phased deployment with performance testing and regressijn testing
Execs: thats really expensive
Devs and QA's: we told you
Execs: surprised pikachu face
I was a DBA many years back. Same thing happened during an infrastructure update. Not as catastrophic, but we were a SaaS provider, so our customers were down. I (and many others) told our director, maybe we should just try 1 pod this weekend. He kabashed it. Instead of our normal 3 hour maintenance window, we were down most of the weekend. I worked almost 36 hours straight along with my network admin colleagues. Not one thanks in the end. I'm sure he slept. The arrogance and incompetence was unbelievable. And it wasn't the last time. I quit operations that same year.
@@SoulfulVeg yep. I see it all the time in the IT industry where speed to deliver supercedes all quality standards because they are too expensive and delay delivery. Ultimately, nothing will ever be learned from this, the company will just ride out the media storm, the government will cover for them and we go back to flawed release processes.
US company world security threat, why is no one asking this question? 🤔
Because it wasnt. It was a really faulty dev update.
@@joelmichaelviado1226 they did it deliberately to check which countries would be affected..
@@joelmichaelviado1226 you just are simple mind. Try to think deeper.
@@xenomorph2258The bad update has been analyzed by experts around the world. The cause of the outage is known. Stop with the conspiracy theories
@@xenomorph2258 We can never blame our corporate overlords for being cheap, petty, and incompetent. It has to be a secret agenda.
If this is actually a bad code problem and this happened because of a "Glitch". Then Crowdstrike has the power to do this on purpose and assuredly WORSE! Why in the hell does one company hold that much control and power over millions and millions of people and institutions around the world? Especially in my United States of America!
Because Large companies with millions of computers chose to install and use Crowdstrike Falcon software for Cyber security protection. No one was forced to install or use the software
There's NO WAY Crowdstrike deployed this w/o TESTING, no way... which only leads down one path which I'm not going there....
So will all businesses who lost revenue or profit during this outage be compensated? It seems very irresponsible to install an update that was not tested first on a smaller scale. This is ridiculous and many companies and banks and people lost out on money. This has even affected the medical and pharmaceutical industry. They need to be shut down after everyone is compensated. This affected MILLIONS of people. You cant jyst say sorry and write this off,heads need to roll.
Our county has be too dependent on computers is there any back up? NO! We are human beings not robots cell phone zombies are all over the place.
🙄 so we go back to a time when computers where not being used in places like hospitals and airports and there risks of death were higher? Go away.
Newscaster at 1:34 "I just have to ask if it's normal to roll out everything all at once."
SREs: "one of us, one of us"
That cut down on air pollution
YEP SURE DID! Hmm scarry
yeah and the next few days, it will be back as to what it was before, like nothing happened.
And my banking 😂
When people get on neurallink expect this!
Affected nearly every industry across the globe. Let that sink in. Have you tried to access your bank account?
test run for what's coming
My thoughts exactly. There's been a lot of test runs since 2020 and from what I can see most of there tests have been 100% successful.
Nonsense. This is just big companies being morons. No one ever said MS was a well run company either.
Found the conspiracy weirdos
@@letsburn00Microsoft was not responsible for this
@@enadegheeghaghe6369 I know. It wasn't them at all, it was crowdstrike. But MS are still awful people.
There's no one using crowdstrike software on their windows pc at my office thus we're pretty much unaffected yesterday.
I used to work in IT. Can't help but imagine the nightmare of working IT for a large company right now, and every PC on the network has the blue screen of death. That's Stephen King levels of nightmare.
The crowd strike did strike the crowd
Crowd Strike is negligent. Obviously they don't test their patches before deployment. Shameful. Crowd Strike and Microsoft should enforce rigorous testing before deploying patches from any company. They should also have a significant roll back process to be enforces at the first sign of problem.
Very fishy.
You have this rollback feature if you are in azure with backup option enabled.
That’s the thing, Crowdstrike did role back quickly. In 1.5 hours after the first tech alert, they had the fix published. The issue is how the agent works. Most systems crashed before the change could be sensed by the agent and applied. Hence why they also published the work around at the same time.
The other issue is how locked down do you my your operating system. At some point, you need to let users have the ability to install the software they want. For better or worse, it’s the users accepting that risk for the venders they work with.
Microsoft has nothing to do with this. They didn't deploy anything in this instance.
Agreed.
The update was from crowd strike.
Just like chrome updates go via Google and not Microsoft
My flight got cancelled yesterday due to this incident!
that is why we need to have cash on hand in cases of something like this
Cash didn't work at supermarket 😂😂 Dogecoin was working in all my businesses 24/7
I always have 400$ in my wallet. Not a bad tip bro bro
yeah without the computers they won't have a way to put it in the system so that's not gonna work either.
@@Hurley164 i always carry small amounts in case they dont have change
@@7_of_9my supermarket ONLY took cash. wtf r u talking about? also 17 cars stranded at the charging station for 5 hours
Whadya wanna bet someone forgot the ";" ?
Crowdstrike : We fired all our software QA and tester to save money
This fiasco just proves to me again that there not not any EXPERTS, just people specializing in fields. How many Techs does it take to not be able to predict that this could happen and take a few baby steps instead of leaping off the cliff?
This is the reason updates should always be manual, NEVER AUTOMATIC.
how do we actually know this wasn't a cyber attack? we don't.
Why would they say that? A company that’s worth apparently 83B US would turn into Mulch O/Night. Your being Lied to.
cuz they said so, just like they said they flyed to the moon
There are prgrammers that checked the files installed and they were all windows update files.
Because there is more egg on the face of Crowdstrike admiting they messed up.
Because IT ppl with no connection to CrowdStrike or Microsoft found the problem before it was publicly announced. As a person who works IT and into OffSec, we encounter ppl like you all the time. You don't know the technology and automatically default to conspiracies
Worn out house is no need to clean but new house needs it. Because of disconstruction when clean worn out house. Which like?
Windows: *no response*
Linux: just use me
/root away 😁
Linux users: Use Linux.
Me: Sure which one?
@@evacody1249Ubuntu 😂😂
@@evacody1249 It really depends. I'm not so experienced with this yet, but I mostly use Ubuntu (actually most of the time I use Windows but sometimes I use Linux as well). Kali's good for hackers. For displaying information, ads and billboards in, for example Airports, you can use Debain, or Ubuntu. They can be also used for servers.
CrowdStrike got Linux earlier.😢
When that manager only hires Indian students
absolutely!
Were the companies contacted about the update? If not then that’s a scary thing that they have access to shut down like that
The Y2K bug was only 24.7 years late
Exactly why wasn’t there a change control meeting? There should have be a lab for testing.
Interestingly enough!?....it's only The Microsoft Windows computer OS were the Only ones affected by this and never the Google Chrome MacOSX Linux and Amazon Fire OS....I really wonder on why!?
Microsoft is guilty not banning this kind software.
why would you ban an endpoint security software that detect and protect against malicious activity. it's just really a bad software release update from crowdstrike that affected the kernel os
@@philsonsuju Microsoft is already providing such service.
@@ohcho-fg4co if you're referring to MS Defender that would not be enough. its just an antivirus software. 3rd party vendors have other advanced features needed to secure your system. for this instance, crowdstrike has an endpoint detection and response(EDR) software.
Then Microsoft will get sued for anti trust for not allowing competitive software products and creating a closed system.
It's not as simple as it sounds.
@ohcho-fg4co if you're referring to MS defender antivirus by MS then its not just enough. 3rd party vendors offer advanced features like endpoint detection and response (EDR), which crowdstrike provide to their businesses and enterprises.
From now onwards, Microsoft has to literally beg everyone to intake new updates, even if it’s a very very important security fix.
Misinformation.
this wasn't a Microsoft update but a crowd strike update.
Just like when you update chrome on your windows PC that update is delivered by Google and not Microsoft.
Secondly all windows updates do go out in batches, and not wild scale releases like this. So this was a quality issue in the release process with a 3rd party vendor
@@achilles165 am not a software nerd but this is an update to the kernel as I understand. Linux has different Kernel. And because it’s the same company does the cybersecurity updates, all fortune 500 were impacted.
@@manoharmeka999 not an update to the kernel itself, but driver files which runs in kernel mode.
Anybody can write a device driver since Microsoft OS has public SDK on how to write drivers. This isn't new and decades old stuff which is how Microsoft works with Dell, HP, Intel, Lenovo etc etc you can update your graphics card and get Nvidia drivers updated on your PC anytime without Microsoft involvement
Plus in this case it's also a trusted signed driver from a well known company.
@@manoharmeka999Crowdstrike also has software that runs on Linux. luckily that wasn't updated at the same time
Someone maybe did something that they were not supposed to do
Crowdstrike developer and QA failed massively on this, lawsuit incoming
Not true. Nobody cares anymore They're on their third cheeseburger
They have all the tech and they did not even use their own customers AI (Microsoft) to check their proposed update.
I’m glad the expert immediately identified the problem as software quality assurance.
probably because a coder told them they need to debug code, and the executive said "lol no we don't"
The guy is a puppet of WEF
Sabotage? Just an idea ....
A disgruntled employee perhaps.
#bringbackdvds
#supportphysicalmedia
Use DVDs
Use paper
Use cash
Yeah but no
go back to using mainframes. They were so reliable
Until they weren't...
@@maigepresents5840 at least if one has a failure. It does not affect other networks
Remind me of one of the ceo the company I used to work at.” Dev can test their own code so we can just get rid of Qa team” .
Windows Defender should be enough without installing other programs which could be malware.
Hahaha, it's cute that you think defender is enough protection for Large companies and corporations
@@enadegheeghaghe6369 In theory, it should be enough.
Thank you! Finally someone says it how it is.
No coincidence being called "CrowdStrike"
The blue screen is blue, because that is the color that naturally calms you down, like looking at the sky. But thanks to MS, now blue makes us nervious....
I should try to use Linux. I heard its more advanced and much much better now.
Linux is always advanced, the thing is this issue happened in Linux all the time. However it won't make the headline as there are so many variety of Linux distros and the impact won't be this large. Plus other than IT people, most won't care about Linux related news.
Vanilla Os is a beautiful Linux version
And or Linux mint
Noo not really
@@AMPProf what do you use?
The professor is partially correct with his information but for this particular issue he is incorrect. It was a blatant cyber attack in retaliation to Microsoft.
As an engineer attaching Microsoft's name to this failure is tantamount to yellow press journalism. The so-called engineer who uttered that nonsesense should be sued for libel.
no tv no comp no mobile and you are free like a bird and strong and safe as earth and stone 💪💪
Good advice, so why are you here on RUclips?
Hmmmm.... Microsoft has been in the spotlight due to a series of cybersecurity incidents known as "crowd-strikes". This phenomenon describes a coordinated cyber attack targeting a company's cloud services and network infrastructure. To understand the main causes of "crowd-strikes" at Microsoft, it is necessary to carry out an in-depth analysis of the factors that influence its vulnerabilities 🧐🧐😇😇🥰🥰
I like that not even the News Reporter can contain her giggle from the irony of a cyber security company causing worldwide Windows failures
NSA when they have to do major overhauls on their systems:
It sounds to me like the Terminator: Genesis.
Skynet 😮
@@yasin04041991 except that skynet, in this case, was just a dumb intern who made an error, and released the update.
Incompetence.
My company called it Speed to Market. Some VIP IT illiterate promised a ridiculous completion date, giving very little testing time, so he could get a bonus. They'll blame poor over worked programmers.
Malicious incompetence 😂
Some people has reported .....
It's the official term
Shifting everyone's focus , it is distracting you
Now this problem solved ? My system still not working it's shutdown every 10 min ...
Tldr: it'll stop when people start using Linux instead...
Am I the only one that finds the fact that the update that crashed the world was called "Crowd Strike" ironic?
No? Nothing?...whew tough world.
I had stressful day at work could not use my laptop for 6 hours because I was stuck in an endless blue screen loop and in first hours IT had no idea how to fix it
I never knew this would happened I live in Columbus to but I’m actually on vacation why would they do this to columbus
Justin Cappos appearing as if he'd been contacted a moment earlier to provide his analysis, had just gotten out of bed, didn't have time to shave....
Are there alternatives to Crowdstrike? This company has no business being in business.
yes there are, companies just have to research it.
Has anyone considered that A.I. tried something and they were able to stop it or not?!?;
ET could've done that, Did Microsoft fix the Outlook email client? Or did Microsoft program it to launch Outlook every time it receives an email advertisement? I have about 10-15 Outlook wonderows launched by themselves sitting in my tray.
I wonder how many people couldn’t use their credit card? Hopefully they have cash on hand.. ? Cash is the was togo. I feel more secure with cash in hand.
naw they got hacked, this just another coverup and excuse
I think this disaster should be an issue in DevOps operations.
Yeah they tested it alright. Works great guys.
It happened because some idiot executive said they didn't need to debug any of the code.
First rule of Project Mayhem is you do not ask questions!😂
My bank was shut down yesterday 😂 what the hell happened?!
Should be a lawsuit
It is so funny cuz I received alert emails but didn't feel outage?
Soooo sounds to me that the reason given is pretty much as good as the COVID excuse we were given. Just not possible that would happen when there is so much at stake..
This is what happens when you put all your eggs in one basket!
Yesterday was a big win for CrowdStrike. Finally a virus protection program that disabled the most prolific spyware program on the internet - Microsoft Windows.
Which is Apple.
Will this be Highest record fines event?
Wth.im glad i don't own a Dell no more.
🤣🤣🤣 windows. Linux users would have a few giggles on this.
The way they delivered the news it sounds like there was a massive Microsoft outage, and cybersecurity company Crowdstrike are working to fix the issue.
Well basically the line is not really wrong, but surely Crowdstrike is not the hero here.
The most surprising thing about this fiasco is the Linux fanboys being relatively quiet about this. Generally when something like this involving Microsoft (no matter how slight its involvement) comes up, every second comment is about how good Linux is....
Because Linux reads and writes twice the formats and files that MS Allows.
MS is sheep'ware .
All the banks and governments run Linux Apache servers and since MS cant read much of linux the establishments don't have to worry about much hacking them.
This is not just CrowdStrike's problem. Microsoft is equally guilty. Get ready for lawsuits, Microsoft.
What do You say When given a Job ,Youre Not ready to Do ? You say , " ImNot ready Yet : Croudstrike said ,Gimme the Money ,
It was probably just a set up to let as much of our personal information out as possible then blame it on this glitch.
They don't need to do that to get your info lol
Ohhhhhh
Look at Exactly What & Where it affected "The 'World' "...The 'World'? OR Just NATO Member Nations/The U.S.? Seems VERY SUS. VERY SUS, INDEED.
Probably cause non NATO countries don’t rely as much on Microsoft and other software made by western companies. Also, it has been confirmed that it was not a cyber attack.
Using 3rd party security software is a stupid. Risk is like this.
It was a messy day
best joke of the day, it's valuation still over $300 / share lol.
Great answer
Good question 🤔
Whats upsetting is how much this technology is depended upon we were better off bak in the late 80s 90s 70s without full dependance on tech shows how vulnerable everything is
Protect yourselves 💪
It's time for companies to switch to Unix/Linux based servers. The fact that Windows is such a poorly designed operating system that it requires a third party driver to protect it, makes it an undesirable platform. CrowdStrike couldn't have tested their roll out, so they are directly to blame. The fact that Windows allowed CrowdStrike to install a defective driver is Microsoft's fault. The lawyers and courts will have to sort out what the damage $ are. I switched to Linux over 15 years ago. Switching has proven to have been a great move on my part.
makes sense but linux is hard to learn. we've had windows for ~30 years and people still can't change their passwords without tech support.
This what u get when u fire experienced employees and hire young inexperienced kid's....
Seems like this guy has an ax to grind with Microsoft. Microsoft may be to blame for a lot of things, but this was CrowdStrike's fault, not Microsoft's. To say Microsoft was "equally to blame" is complete nonsense.
I hope I get a million dollars when it comes back everyone gets someones bank account with your name 😂
So how do I remove crowdstrike from my system completely?
delete Windows 11
Take this as a lesson learned.
Now that this has happened.
Time to prevent it from happening again.
Let's face it. it probably will!
And next time worse! After all, the other hackers are having a field day with this issue.
Time to learn What to do in case of a next time! (GOD FORBID)
Buddy Love Momma Lucy 💖