CrowdStrike-Microsoft Outage: 5 Things To Watch For
Many questions remain about the ultimate cause of the outage and the impact it will have on CrowdStrike going forward.
While progress continued to be made on the recovery from the CrowdStrike-caused global IT outage Tuesday, many questions remain.
The cybersecurity giant’s defective configuration update led to the “blue screen of death” for Microsoft Windows systems worldwide Friday and brought widespread disruptions to air travel, health care, banking and more. At least 8.5 million Windows devices were impacted by CrowdStrike’s update, Microsoft has said.
[Related: CrowdStrike Chief Security Officer: ‘To Say We’re Devastated Is A Huge Understatement’]
In a note to investors Tuesday, Wedbush Securities’ Daniel Ives wrote that “discussions with industry and field checks this week continue to highlight some near-term disruption” from the outage, “which is still having lingering impacts across the globe.” CRN has reached out to CrowdStrike for comment.
What follows are five things to watch for on the CrowdStrike-Microsoft outage.
How Did This Happen?
CrowdStrike has identified a programming flaw—known as a “logic error”—as the culprit in the outage. It remains unknown, however, why the sensor configuration update to Falcon triggered the logic error.
The error sent affected Windows servers and PCs into an infinite loop, leading to a system crash and “blue screen of death.”
It has also remained unclear who, if anyone, was responsible for the mistake. In addition, questions have been aired about whether Microsoft bears any responsibility for the apparent lack of resiliency against CrowdStrike’s faulty configuration update. CRN has reached out to Microsoft for comment.
“The root cause analysis of the biggest IT outage in history will be a focal point for CrowdStrike, Microsoft, the cybersecurity industry, and likely many other areas including the Beltway and lawyers/legal circles over the coming weeks and months,” Ives wrote in his note to investors Tuesday.
What Will Kurtz’s Testimony Reveal?
The U.S. House Committee on Homeland Security has requested that CrowdStrike co-founder and CEO George Kurtz appear to testify on the outage. In a letter to Kurtz posted online, lawmakers said that Americans “deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking.”
“Protecting our critical infrastructure requires us to learn from this incident and ensure that it does not happen again,” the lawmakers, Rep. Mark Green and Rep. Andrew Garbarino, wrote.
The committee has asked Kurtz to commit to a testimony date with the Subcommittee on Cybersecurity and Infrastructure Protection by “no later than” Wednesday at 5 p.m. EDT.
How Will CrowdStrike Be Impacted?
In his note to investors Tuesday, Ives wrote that “customers and partners are focused on stabilizing customers and IT issues which has pushed inking new deals to the background for now.”
“Clearly this could have some near-term headwind impacts for CrowdStrike that we are still trying to get our arms around for the July quarter, although the longer-term [positive] story does not change in our view,” Ives wrote.
The expected House testimony by Kurtz, meanwhile, “will be a key moment for Kurtz and CrowdStrike with Congress and the 202 area code ready to focus on this global dark chapter for the CrowdStrike story,” Ives wrote.
Has CrowdStrike’s Stock Price Hit Bottom?
CrowdStrike’s stock price saw a modest uptick Tuesday, with shares in the company closing at $268.88, up 1.9 percent for the day. CrowdStrike shares are still down 21.6 percent from the closing price of $343.05 on Thursday.
“CrowdStrike remains the gold standard, and we believe this historical incident will only be a dark chapter for the company and not impact the long-term [positive] story for the name although this is a critical week ahead to get things resolved,” Ives wrote.
When Will Delta Recover?
For the fifth consecutive day, Delta passengers faced significant flight cancellations and delays Tuesday. Delta canceled more than 460 flights Tuesday, according to CNN, on top of more than 5,700 flights canceled by Delta between Friday and Monday. Delta has not responded to CRN requests for comment.
In the airline’s latest website update on the situation Tuesday afternoon, Delta said that “upward of half” of its IT systems run Windows. The airline has blamed the issues, at least in part, on “one of our crew tracking-related tools [that] was affected and unable to effectively process the unprecedented number of changes triggered by the system shutdown.”
CNN reported Tuesday that Delta’s issues “will probably extend through the end of the week.”