Microsoft has released new details on the actual extent of the damage caused by the CrowdStrike incident. The report estimates that less than one percent of Windows devices are affected and details what the company is doing to help businesses that use its services implement a fix.
Part of the problem is that CrowdStrike’s recommended workaround, although almost too simple, must be manually deployed to every Windows computer in an organization unless that organization’s system administrator can automate the process.
Microsoft tries to be as clear as possible about its own recommended recovery methods. However, since there is no automatic fix and some systems require booting into Safe Mode, CrowdStrike warns users that it could be “some time” before the world is restored.
Market competition: it’s actually good
Microsoft Windows is without a doubt the most popular operating system in the world. As enterprise tech cultists, we love that Linux is making progress, but its technical philosophy can’t match Microsoft’s sharp focus on ease of installation and use.
As a result, it has become ubiquitous. “Less than one percent” of all Windows devices is eight and a half million of them, which makes, or perhaps made, it practically a given to set up Windows client PCs to support a Windows-based system.
Now you see the problem. CrowdStrike’s cloud-based Falcon enterprise endpoint security software, the whole reason we’re here, is Windows-based. Businesses still have the freedom to choose when it comes to the software to protect their backend from common cyber threats, but if one piece of endpoint software can completely and utterly break like this, then they all can.
The CrowdStrike incident raises more questions than we can answer at this time, but it does bring up an important point: Companies should not put all their eggs in one basket or neglect their systems because they think they can blindly trust software vendors.
Automatic updates may be great for stopgap solutions, but if they don’t undergo enough quality assurance testing – as appears to be the case here – the consequences can be catastrophic. It’s entirely within the realm of possibility, a matter of time even, before we’re back here reporting on airports and train systems grinding to a halt.
I am the cloud and data person on this site, something approaching an ‘expert’. And yet, when someone with even a little technical knowledge can say to me ‘show me what happens when you run everything outside of the cloud’, all I can say is ‘why haven’t more people in business considered this?’, when it’s always been there, simmering in the background while we completely ignore it.