CrowdStrike releases full detail on Microsoft major outage, blaming faulty update validation

The big tech story that happened recently is the Microsoft major outage due to a faulty update from CrowdStrike’s Falcon Sensor software. It occurred on Friday, July 19, 2024, and impacted roughly 8.5 million Windows devices used by various vital businesses, including airlines, hospitals, supermarkets, TV stations, and more.

CrowdStrike, the endpoint security provider, has now released full details, or a post-incident review (PIR), on what happened on the day of the Microsoft major outage. It blames a bug in QC control and faulty update validation as the culprit.

On the day of the outage, as the company describes, CrowdStrike released a content configuration update for its Falcon sensor, aimed at gathering telemetry on potential new threat techniques, which led the Falcon security software to trigger a Windows system crash (BSOD) for systems running sensor version 7.11 and above.

In other words, it failed to properly validate the problematic update. The issue occurred between 04:09 and 05:27 UTC and affected systems with sensor version 7.11 and above. The crash was due to a faulty update meant to detect new threats, which had an undetected error.

Microsoft is indirectly involved with the CrowdStrike incident because CrowdStrike’s Falcon security software, which is used to protect Windows machines, caused the crashes. The Redmond tech giant has never experienced an IT outage this massive in the past, which understandably calls for better QC control, and even partially blamed an EU regulation that limits its control over third-party access.