Prior to the weekend of 27 and 28 July, the majority of CrowdStrike Falcon sensors affected by a faulty rapid response update had been restored and were back online as efforts to address the incident on 19 July that caused crashes on over eight million Windows machines continued.
In a post on LinkedIn on 26 July, CrowdStrike CEO George Kurtz, who has been providing updates on the situation since it occurred, stated that as of 25 July, “over 97%” of Windows sensors were operational again. Kurtz credited the progress to the hard work of customers, partners, and the CrowdStrike team, but acknowledged that there was more work to be done to fully rectify the issue.
Kurtz expressed his commitment to resolving the situation and apologized for the disruption caused by the outage. He highlighted the use of automated recovery techniques and the mobilization of resources to assist affected customers in remedying the situation. Kurtz emphasized CrowdStrike’s mission to prevent breaches and ensure customer controls and resilience.
CrowdStrike confirmed that the logic error in the validator tool responsible for the chaos had been fixed and was undergoing thorough testing before being implemented on the backend systems. The company plans to improve the resilience of future rapid response updates by enhancing testing and validation checks to prevent similar incidents.
The outage had real-life consequences, such as flight delays and cancellations for airlines worldwide. One individual, an 83-year-old man named Patrick Bailey, ended up taking a long bus ride across the US after his flight was canceled due to the incident. Bailey had gone missing for several days before eventually being located in California.
CrowdStrike is focused on preventing similar incidents in the future by taking steps to improve the effectiveness and reliability of its rapid response updates.