5 Latest Developments On The CrowdStrike Outage

CrowdStrike’s shares dropped Tuesday following a report that Delta has hired an attorney over the outage that led to thousands of flight cancellations.

CrowdStrike’s shares dropped Tuesday following a report that Delta has hired an attorney over the massive outage that led to thousands of flight cancellations.

Meanwhile, a Wall Street firm reportedly told investors that many CrowdStrike clients are seeking pricing concessions in the wake of the outage.

“We are aware of the reporting, but have no knowledge of a lawsuit and have no further comment,” CrowdStrike said Tuesday in response to an inquiry about the two reports.

[Related: SentinelOne CEO On CrowdStrike Outage: ‘Not Just An Honest Mistake’]

Additionally, in an earlier statement, CrowdStrike responded to SentinelOne CEO Tomer Weingarten’s critical comments during an interview with CRN.

The outage began July 19 after an update to CrowdStrike’s Falcon platform set off a “blue screen of death” scenario for 8.5 million devices worldwide. Global impacts ensued for air travel, health care and business, and experts have called it the largest IT outage of all time.

CrowdStrike CEO George Kurtz previously disclosed that 97 percent of Windows sensors for Falcon were online as of Thursday.

What follows are the latest developments on the CrowdStrike outage.

Delta Reportedly Hires Attorney

Delta, which was by far the hardest-hit airline in the CrowdStrike outage, has reportedly hired a well-known attorney to pursue compensation from both CrowdStrike and Microsoft over the incident.

According to the CNBC report, Delta has hired attorney David Boies from the law firm Boies Schiller Flexner to pursue the legal action. As of Monday, no lawsuit had been filed, the report said.

Delta canceled nearly 7,000 flights and has lost an estimated $350 million to $500 million from the outage, CNBC reported.

CRN has reached out to Delta, Microsoft and Boies Schiller Flexner.

Share Price Down

CrowdStrike’s stock price was down about 12 percent, to $227.34 a share, as of 12:30 p.m. EDT Tuesday, as investors digested Delta’s reported plans for seeking compensation from the vendor.

Shares in the cybersecurity giant are now down nearly 34 percent compared to its closing price of $343.05 on July 18, the day before the outage.

Evercore Survey Reveals Client Woes

According to a Reuters report, Wall Street firm Evercore ISI surveyed CrowdStrike clients and found that “many clients” are looking at pausing or reducing their spending with the vendor, while also seeking concessions on pricing from CrowdStrike.

As reported by Reuters, Evercore ISI shared the results of the survey in a note Tuesday, telling investors that “nearly everyone agreed that they expect some form of monetary relief, such as discounts, service revenue credits, or free products.”

CRN has reached out to Evercore ISI.

CrowdStrike Responds To SentinelOne CEO

In a statement, CrowdStrike responded to comments from SentinelOne CEO Tomer Weingarten during his interview with CRN, which published Tuesday. Weingarten had suggested that the CrowdStrike update “bypassed” Microsoft’s typical process for updating the Windows kernel, which is the core control center for the Windows operating system.

Weingarten’s comments on the matter are “inaccurate,” CrowdStrike said in the statement.

CrowdStrike noted that its July 19 update was a “rapid response content update” — and “these updates don’t execute code in the kernel."

Additionally, “Microsoft does have a clear kernel review process, and that process was followed,” CrowdStrike said.

Microsoft Eyeing Windows Resiliency Improvements

In a post Friday, Microsoft executive John Cable wrote that the outage “shows clearly that Windows must prioritize change and innovation in the area of end-to-end resilience.” Cable also touched on the role of third-party access to the Windows kernel, indicating that the tech giant is now looking to “encourage development practices that do not rely on kernel access.”

Microsoft declined to comment on reports characterizing the blog as Microsoft opening the conversation around preventing security vendors from accessing the Windows kernel.