Mass IT outage affecting Microsoft Windows systems triggered by a CrowdStrike Falcon sensor update.
Widespread IT outage affecting Microsoft Windows systems triggered by a CrowdStrike Falcon sensor update.
macOS and Linux-based systems are not affected.
Microsoft Windows hosts (individual devices and cloud or virtual systems) with the CrowdStrike Falcon sensor brought online prior to 05:27 UTC 19th July are impacted.
Recovering impacted systems requires manual intervention on each Windows host.
The incident became apparent 18th July with initial impacts on Windows hosts in Far Eastern time zones. Multiple organisations in a diverse range of sectors were impacted, causing initial concern that this was perhaps a cyber attack similar to WannaCry or NotPetya. However, it became clear that the common factor in all cases was the use of the CrowdStrike Falcon sensor on affected systems.
The Falcon sensor automatically pulls a channel file update from CrowdStrike. The file provided prior to 05:27 UTC 19th July was found to cause Windows systems to crash with a black or blue screen, or, in Azure instances, to enter a continuous restart loop.
Update 22 July 2024:
CrowdStrike have provided more technical details here: https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
CrowdStrike released an amended channel file at 05:27 UTC 19th July. Systems coming online after that time are not impacted.
Any organisation using Microsoft Windows hosts (individual devices and cloud or virtual systems) with the CrowdStrike Falcon sensor brought online prior to 05:27 UTC 19th July is impacted.
As the media have reported, the impact of this incident has been widespread and across all sectors. Affected organisations are actively recovering disrupted systems to restore services.
There may be one or many organisations in your supply chain that are impacted and recovering services, with consequential impacts to your business operations. In that context, we’ve asked affected suppliers to advise their Recovery Time Objective and Recovery Point Objective to enable strategic planning for continuity of your business activities.
The Risk Ledger platform provides an opportunity to understand the status of your suppliers and their plans for recovery if they are impacted.
This is an evolving situation.
Update 22 July 2024:
You can keep up to date with CrowdStrike’s detailed remediation guidance here:
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
To understand how your supply chain is affected by the Microsoft systems outage linked with CrowdStrike, create your free account on Risk Ledger. You can find out more about how the Emerging Threats feature on Risk Ledger works here.