John Taylor, Professor of Economics at Stanford University and developer of the "Taylor Rule" for setting interest rates | Stanford University
On July 19, millions of Windows users encountered the "blue screen of death" due to a bug in CrowdStrike's cybersecurity software. The issue has persisted for some users and companies, with projected costs reaching billions.
Zakir Durumeric, an assistant professor of computer science, provided insights into the incident. "In general though, one of the best things that people can do to protect themselves against attacks is to regularly update their computers and phones," he advised.
Durumeric explained that the outage was caused by a malformed update sent to CrowdStrike Falcon, an Endpoint Detection and Response (EDR) product. EDR software runs continuously on workstations within a company to monitor for abnormal behavior that indicates a potential infection such as ransomware. Because CrowdStrike Falcon is integrated with the Windows operating system, its crash caused the OS to crash as well.
"The fix to get CrowdStrike and Windows running again is simple – one just needs to delete the malformed file that was shipped as part of the update," Durumeric said. However, this task cannot be done remotely or automatically because of repeated crashes during booting. IT staff must manually boot machines into Safe Mode and delete the problematic update. Complications arise when computers use BitLocker Full Disk Encryption without accessible recovery keys.
Airlines were notably affected by this issue. Delta Airlines reported significant disruptions as half of their systems run on Windows, particularly impacting their crew scheduling system. The U.S. Department of Transportation has opened an investigation into Delta's prolonged recovery time compared to other organizations.
Durumeric emphasized lessons from this incident: "This incident serves as a stark reminder of just how reliant we have become on incredibly complex software systems and the large number of dependencies that each system has." He highlighted how important it is for critical infrastructure providers to architect resilient systems and plan for recovery from failures.
© Copyright Stanford University