
A real "crowd strike"! What exactly is CrowdStrike, and how could it cripple computers around the world?

wallstreetcn ·  16:12

CrowdStrike sells cloud-delivered security software and holds about 18% of the endpoint detection and response (EDR) software market. During the global outage, CrowdStrike's technical support team said that affected systems might need to be restarted up to 15 times.

On Friday, July 19, computers around the world crashed after a faulty update to CrowdStrike's Falcon software, throwing markets into disarray, disrupting operations at many companies, and putting CrowdStrike at the center of attention. Media reports identified the CrowdStrike Falcon update as the cause of the "global crash".

On Friday local time, CrowdStrike (CRWD.US) shares fell sharply at the open, dropping as much as 14% before closing down 11.10%.

So what company is behind this "global crash", how did Microsoft get pulled in, and how did one update cause such widespread damage?

What is CrowdStrike?

CrowdStrike is a cybersecurity company focused on cloud-delivered endpoint protection platforms. Founded in 2011 and headquartered in California, USA, its main product is the Falcon platform, which uses artificial intelligence and machine learning to detect, prevent, and respond to cyber threats.

Known for detecting and defending against advanced cyber attacks, its software is used by some of the largest cloud providers, including Microsoft and Amazon AWS, as well as major global banks, healthcare institutions, and energy companies, to detect and stop attackers.

According to market research firm IDC, CrowdStrike holds about 18% of the $8.6 billion endpoint detection and response (EDR) software market, second only to Microsoft.

How did CrowdStrike cause the blue screens, and why is Microsoft involved?

CrowdStrike's software is a different class of product from older security software. Traditional antivirus worked well in the early days of computing and the internet because it could match the signatures of known malware, but it has fallen out of favor as attacks have grown more sophisticated.

Endpoint detection and response products such as CrowdStrike's are far more effective than traditional antivirus. But, like other security products of this kind, CrowdStrike's software needs deep access to the operating system in order to scan for threats, and that same access means a defect in the software can bring down the very systems it is meant to protect.

Microsoft and CrowdStrike are competitors; both sell endpoint security products. At the same time, CrowdStrike's Falcon platform integrates with Microsoft products and services such as Azure and Microsoft 365 to strengthen overall security coverage.

Reports indicate that Friday's incident was likely caused by a CrowdStrike software update that interacted incorrectly with Windows and crashed it, leaving large numbers of users with blue-screen crashes.

"CrowdStrike is actively working with affected customers to remediate the defect found in a single content update on Windows hosts. Mac and Linux hosts are not impacted. This is not a security event or a network attack," said George Kurtz, co-founder and CEO of CrowdStrike.

How far-reaching was the damage from CrowdStrike's update?

A faulty software update released by CrowdStrike triggered a cascade of failures for clients in aviation, banking, healthcare, and retail, and affected ports, businesses, and governments. Hospitals were forced to postpone surgeries, and McDonald's, UPS, and FedEx also reported disruptions. Employees at banks including JPMorgan, Nomura Holdings, and Bank of America could not log in to their companies' systems on Friday.

For airlines, the failure cut communication between aircraft and ground control and disrupted passenger travel. FlightAware data showed more than 21,000 flights delayed worldwide. United Airlines, Delta, American Airlines, Lufthansa, Air France-KLM, and Ryanair are gradually recovering, but slowly.

Cybersecurity professionals say that

CrowdStrike's technology is a powerful tool against ransomware, but its cost (which can exceed $50 per machine in some cases) means most companies do not install it on every computer. The machines that do run it are the most critical ones, the ones that most need protecting, so when they fail, critical services fail with them.

Marie Vasek, assistant professor at the Department of Computer Science, University College London, said that

"The large-scale computer crash shows how much the global technology system relies on software from a few companies, including Microsoft and CrowdStrike. The problem here is that Microsoft's software is the industry standard used by everyone, and the vulnerabilities in CrowdStrike are deployed in every system."

CrowdStrike itself has also noted that, because of Microsoft's dominant position in the operating system and productivity software market, any weakness in that software could have potentially catastrophic impacts.

How can the problem be solved? Who will bear the losses?

CrowdStrike CEO George Kurtz said the root cause has been identified and a fix has been deployed. Any Windows desktop or laptop that crashed after the faulty update needs to be updated again; Mac and Linux machines are not affected.

According to an exchange between CrowdStrike and a customer quoted by the media, CrowdStrike's technical support team suggested that affected systems may need to be restarted up to 15 times.
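A practitioner following the guidance above (reboot repeatedly, re-update, and otherwise remediate by hand) needs to know which hosts have actually come back and which are still crash-looping. The following is an added example, not code from the article or from CrowdStrike: it triages an exported Windows System event log by counting, per host, the standard record Windows writes on the first boot after a blue screen (Event ID 1001, source "BugCheck") and the clean-boot marker (Event ID 6005, "The Event log service was started"), and flags hosts that have reached the 15-restart figure quoted above for hands-on remediation. The tab-separated export format, the hostnames, the timestamps and the bugcheck parameters are constructed assumptions for this example.

```python
"""Triage Windows hosts after a faulty endpoint-agent update (added example).

Reads an exported Windows System event log, one tab-separated event per
line (timestamp, host, source, event ID, message), and sorts every host
that has bugchecked at least once into three buckets:

  recovered       latest event is a clean boot (Event ID 6005)
  still_crashing  latest event is another bugcheck (Event ID 1001)
  needs_manual    crashed `max_restarts` or more times; more reboots are
                  unlikely to help, so queue it for hands-on remediation

The default threshold of 15 is the restart guidance quoted in the article.
The export format, hostnames, timestamps and bugcheck parameters are
constructed for this example.
"""
import re
from collections import defaultdict

EVENT_BUGCHECK = 1001      # System log, source "BugCheck": first boot after a blue screen
EVENT_LOG_STARTED = 6005   # System log, source "EventLog": written on every boot

LINE_RE = re.compile(r"^(?P<ts>\S+)\t(?P<host>\S+)\t(?P<source>\S+)\t(?P<eid>\d+)\t(?P<msg>.*)$")

# Placeholder message text; the bugcheck code and parameters are not from the incident.
BUGCHECK_MSG = ("The computer has rebooted from a bugcheck.  The bugcheck was: "
                "0x00000050 (0x0, 0x0, 0x0, 0x0). A dump was saved in: C:\\Windows\\MEMORY.DMP.")
BOOT_MSG = "The Event log service was started."


def _constructed_sample():
    """Constructed export: a host that recovered after two crashes, a server still
    crash-looping, a host that never crashed, and a kiosk that crashed on all 15 boots."""
    rows = [
        ("2024-07-19T04:12:00Z", "WKS-0101", "BugCheck", EVENT_BUGCHECK, BUGCHECK_MSG),
        ("2024-07-19T04:14:30Z", "WKS-0101", "EventLog", EVENT_LOG_STARTED, BOOT_MSG),
        ("2024-07-19T04:20:00Z", "WKS-0101", "BugCheck", EVENT_BUGCHECK, BUGCHECK_MSG),
        ("2024-07-19T04:22:00Z", "WKS-0101", "EventLog", EVENT_LOG_STARTED, BOOT_MSG),
        ("2024-07-19T04:11:00Z", "SRV-DB-07", "BugCheck", EVENT_BUGCHECK, BUGCHECK_MSG),
        ("2024-07-19T04:13:00Z", "SRV-DB-07", "EventLog", EVENT_LOG_STARTED, BOOT_MSG),
        ("2024-07-19T04:16:00Z", "SRV-DB-07", "BugCheck", EVENT_BUGCHECK, BUGCHECK_MSG),
        ("2024-07-19T04:18:00Z", "SRV-DB-07", "EventLog", EVENT_LOG_STARTED, BOOT_MSG),
        ("2024-07-19T04:21:00Z", "SRV-DB-07", "BugCheck", EVENT_BUGCHECK, BUGCHECK_MSG),
        ("2024-07-18T22:00:00Z", "FILE-03", "EventLog", EVENT_LOG_STARTED, BOOT_MSG),
    ]
    for i in range(15):  # boot, crash, boot, crash ... fifteen times
        rows.append((f"2024-07-19T05:{2 * i:02d}:00Z", "KIOSK-22", "EventLog", EVENT_LOG_STARTED, BOOT_MSG))
        rows.append((f"2024-07-19T05:{2 * i + 1:02d}:00Z", "KIOSK-22", "BugCheck", EVENT_BUGCHECK, BUGCHECK_MSG))
    return "\n".join("\t".join(str(f) for f in row) for row in rows)


SAMPLE_LOG = _constructed_sample()


def parse_events(text):
    """Parse the export into dicts; blank or malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["eid"] = int(rec["eid"])
            events.append(rec)
    return events


def bugcheck_counts(events):
    """Number of bugcheck reboots per host; hosts with none are omitted."""
    counts = defaultdict(int)
    for e in events:
        if e["eid"] == EVENT_BUGCHECK:
            counts[e["host"]] += 1
    return dict(counts)


def triage(events, max_restarts=15):
    """Bucket every host that has bugchecked at least once (hostnames sorted)."""
    by_host = defaultdict(list)
    for e in events:
        by_host[e["host"]].append(e)
    result = {"recovered": [], "still_crashing": [], "needs_manual": []}
    for host in sorted(by_host):
        evs = sorted(by_host[host], key=lambda e: e["ts"])  # ISO-8601 UTC sorts lexically
        crashes = sum(1 for e in evs if e["eid"] == EVENT_BUGCHECK)
        if crashes == 0:
            continue  # never crashed, not part of the incident
        if crashes >= max_restarts:
            result["needs_manual"].append(host)
        elif evs[-1]["eid"] == EVENT_LOG_STARTED:
            result["recovered"].append(host)
        else:
            result["still_crashing"].append(host)
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(parse_events(SAMPLE_LOG)).items():
        print(f"{bucket:15s} {', '.join(hosts) or '-'}")
```

The "recovered" bucket is tentative: a host whose latest record is a clean boot may still crash on its next boot, so rerun the triage on a fresh export before closing tickets. Lower `max_restarts` if your own guidance is stricter than the 15 restarts quoted above.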

How large the economic losses from the outage are, and who will bear them, will not be known for some time. Most software vendors are not liable for damages caused by their programs, which are licensed rather than sold. But they usually sign service agreements with their largest customers and may have to help with remediation or provide discounts or other compensation.

In a statement, CrowdStrike said,

"Working with all affected customers to ensure that systems are back to normal operation and can provide the expected service to customers."

Separately, it is worth noting that Microsoft's Azure cloud service also suffered an incident that interrupted service. Microsoft said the underlying issue has been resolved, but users may still experience "residual impacts".

According to analysts, it is unclear how much of the computer crashes were caused by the flaw in CrowdStrike's software update and how much by the problems with Microsoft's online services and its Azure enterprise cloud, which began on Thursday.

A Microsoft spokesperson said, however, that the company does not believe the defect in CrowdStrike's software is related to the interruption that affected "some Azure customers".

Editor/Somer

The translation is provided by third-party software.

