CrowdStrike Says 99 Percent Of Windows Sensors Now Online

The cybersecurity giant reported the recovery progress after the massive July 19 outage caused by its faulty update.

CrowdStrike said 99 percent of Windows sensors for its Falcon platform are online, following the global outage caused by its faulty July 19 update.

In an update to its Remediation and Guidance Hub site posted Wednesday, the cybersecurity vendor said that “using a week-over-week comparison, ~99% of Windows sensors are online as of July 29 at 5pm PT, compared to before the content update.” Additionally, “we typically see a variance of ~1% week-over-week in sensor connections,” the company noted.

That represents an improvement from July 25, when CrowdStrike CEO George Kurtz disclosed that more than 97 percent of Windows sensors for Falcon were online.

The update on the outage recovery comes as more questions have arisen about CrowdStrike’s potential liability from the incident.

Delta CEO Ed Bastian said in a CNBC interview Wednesday that the outage cost the airline $500 million in lost revenue from cancelled flights, hotels for customers and other customer compensation.

When asked whether Delta planned to file a lawsuit over the outage, Bastian answered that “we have no choice.”

In response to the possibility of legal action from Delta, CrowdStrike said Wednesday that its statement is the same one the company released earlier this week on the issue: “We are aware of the reporting, but have no knowledge of a lawsuit and have no further comment.”

Delta, which was by far the hardest-hit airline in the CrowdStrike-caused outage, has reportedly hired well-known attorney David Boies from the law firm Boies Schiller Flexner to pursue compensation from both CrowdStrike and Microsoft over the incident.

In a note to investors Wednesday, Joseph Gallo, senior vice president at Jefferies, wrote that he doesn’t believe CrowdStrike will be held liable in any potential legal action by Delta.

However, along with Delta, additional companies can be expected to consider legal action against CrowdStrike over its defective update, Gallo wrote.

“We expect other companies impacted by the IT outage could potentially follow suit (helps with image to customers of impacted companies), creating further headline-risk in the near-term,” he wrote.

On the FAQ section of its Remediation and Guidance Hub site, CrowdStrike noted that as of the end of April, it had $3.7 billion in cash and cash equivalents.

Meanwhile, “for the trailing twelve months ending April 30, 2024, CrowdStrike generated over $1 billion in cash flow, which we believe will enable us to continue investing in the business and cover potential legal liabilities,” the company said. “In addition, we maintain insurance policies which are intended to mitigate the potential impact of certain claims.”

CrowdStrike has reported having nearly 30,000 customers, though it’s unclear how many were impacted in the outage. The incident has cost U.S. Fortune 500 companies $5.4 billion in total direct financial loss, according to an estimate from cloud monitoring and insurance firm Parametrix.

The outage began early on July 19 after an update to CrowdStrike’s Falcon platform set off a “blue screen of death” scenario for 8.5 million devices worldwide. Global disruptions ensued for air travel, health care and business, and experts have called it the largest IT outage of all time.

In an interview with CRN, SentinelOne CEO Tomer Weingarten suggested that the CrowdStrike update seems to have “bypassed” Microsoft’s typical process for updating the Windows kernel, which is the core control center for the Windows operating system.

CrowdStrike has called Weingarten’s comments “inaccurate,” saying the Windows kernel update process “was followed.”

In its preliminary review of the incident, CrowdStrike found that a bug in its validation process for checking security configuration updates to its Falcon platform allowed a faulty update to be deployed, resulting in the outage, the company has said.