Aftermath of the "world's largest IT incident" lingers: 8.5 million computers hit by blue screens, yet the "culprit" does not have to pay?

cls.cn ·  11:13

Last Friday in the US, the "largest IT failure in history" occurred worldwide: due to a serious error in a software update from the American information security giant CrowdStrike, a large number of Windows computers around the world running this software crashed at the same time.

Although the relevant configuration error has been fixed and recovery tools have been released to help IT administrators repair Windows hosts, it will still take several days to fully resolve the issue. According to the terms of CrowdStrike's agreement, the company may not need to pay compensation for this global incident.

As of Sunday US Eastern Time, Microsoft reported that a total of 8.5 million devices were affected globally. Although CrowdStrike has already fixed the related configuration error and Microsoft has released a recovery tool to help IT administrators repair Windows hosts, it will still take several days to fully resolve the problem.

In addition, the series of damages caused by this IT disaster cannot be ignored, and related legal liabilities and compensation issues are still awaiting discussion. However, according to CrowdStrike's agreement terms, the company may not need to compensate for this global incident.

8.5 million computers worldwide went on strike.

Last Friday, due to a software update pushed by cybersecurity giant CrowdStrike that was incompatible with Windows systems, airlines, media, banks, and retail companies that use Microsoft Windows systems around the world were catastrophically affected, causing many airports, shopping malls, hotels, offices, factories, and securities exchanges to be paralyzed.

On Sunday U.S. Eastern Time, CrowdStrike said that 8.5 million Windows system devices were affected and crashed due to defects related to software update content, of which most have been restored to online operation.

They emphasized that this outage only affected Windows system hosts and that Mac and Linux system hosts were not affected. They said that the software update error had been identified and isolated, and that the company had deployed repair procedures.

Microsoft also stated on its blog: "We estimate that CrowdStrike's update affected 8.5 million Windows devices, which is less than 1% of all Windows devices... Although the percentage is small, the widespread economic and social impact reflects that many enterprises operating many key services are using CrowdStrike."

Microsoft has now released a recovery tool to try to help IT administrators repair Windows hosts affected by incorrect CrowdStrike updates. The tool creates a bootable USB drive that IT administrators can use to help quickly recover affected machines.

Although CrowdStrike says the related configuration error has been fixed and Microsoft has released a recovery tool, it will still take several days to fully resolve the series of problems caused by this error. For organizations and enterprises with complex systems in particular, this global chain of harm is not easy to reverse.

"We believe it will take three to five days to resolve the issue," said US cybersecurity expert Eric O'Neill. "This is a long period of downtime for institutions."

Vasileios Karagiannopoulos, a cybersecurity researcher at the University of Portsmouth, said that these issues "may take several days or even weeks to resolve." He added that the problems are "so widespread and extensive in the system that technical support may become scarce due to insufficient demand."

Cybersecurity researcher Kevin Beaumont said that CrowdStrike customers are facing an "extremely painful" process of solving the problem and can only recover manually. "You have to enter the server or PC, start it in safe mode in the console, log in as an administrator, and then basically crack the system to get it back online."

After such a major global cybersecurity incident, legal and compensation issues have also become a focus of attention.

The first thing to pay attention to is whether CrowdStrike needs to compensate affected companies. The answer to this question is likely to be 'No.'

Despite the industry-wide losses caused by the incident, according to the terms of the cybersecurity company's agreement, CrowdStrike does not have to pay any compensation fees except for a simple refund.

The terms of CrowdStrike's Falcon security software agreement already limit liability to 'paid fees.'

"This means that if a company claims its business losses or revenue from CrowdStrike, it can only recover the amount it paid to CrowdStrike," said Elizabeth Burgin Waller, Chair of Cybersecurity and Data Privacy at Wood Rogers.

Some cybersecurity experts also say that affected companies could consider suing CrowdStrike to demand compensation for their business interruptions. However, given that software companies take hardly any responsibility for major interruptions and cybersecurity events, the compensation such lawsuits can obtain may be negligible.

Nevertheless, analysts still anticipate that CrowdStrike itself will suffer a huge hit, especially if it needs to spend a significant amount to rebuild its reputation after this issue is resolved.

Keith Bachman, Senior Research Analyst at BMO Capital Markets, says, "We believe this issue will have financial consequences. For example, we believe customers will seek damages and compensation, which we believe may include new and renewed contract discounts. Therefore, we believe this may have an impact on enterprise growth rates and cash."

According to the research report released by CITIC Securities, CrowdStrike's configuration update error may cause the company to suffer some economic losses, as well as more serious reputation damage. This incident may cause CrowdStrike's existing and potential customers to re-consider the partnership, and the main competitors of CrowdStrike may benefit from it.

Do airlines need to provide compensation?

In addition, do airlines, which suffered the most severe damage in this incident, need to refund or compensate consumers for canceled flights? The answer is "not necessarily".

The number of canceled flights worldwide has increased significantly from last Friday to Sunday.

According to EU law, if flights are delayed for more than three hours or canceled completely, airlines must provide passengers with alternative flights or offer full refunds or compensation. However, this rule also has exceptions, such as weather conditions and safety risks, as they are beyond the control of airlines. Therefore, EU airlines are likely to regard this shutdown as a "special circumstance" beyond their control.

The situation in the UK is similar. Last Friday, the Civil Aviation Authority (CAA) sent a letter to industry executives stating that this failure may be considered a "special circumstance," which means they are not obligated to compensate affected passengers. The letter reportedly said, "Passengers are unlikely to be entitled to a fixed amount of compensation."

According to US law, there is no industry-wide standard for compensation for stranded passengers, and airlines mostly develop their own compensation policies. However, the US Department of Transportation has confirmed that they believe the flight disruption associated with the IT issue is a "controllable risk," and the department is pressuring airlines to help pay for the incident costs.

US Transportation Secretary Pete Buttigieg said: "We have reminded airlines that if they experience significant delays, they have a responsibility to take care of passengers."

Editor/ping
