The co-founder and CEO of cyber security firm CloudStrike has been called to testify before the House Homeland Security Committee over last week’s worldwide Windows outage. The global crash, the effects of which are still being felt today, was caused by a faulty CrowdStrike software update pushed to Windows systems around the world.
The problem caused Windows machines to crash in an infinite boot loop resulting in the Blue Screen of Death and the effects cascaded through airlines, banks, media companies and hospitals. According to Microsoft, an estimated 8.5 million machines were affected and organizations will still be counting the cost of the resulting damage.
George Kurtz, who launched CrowdStrike in 2012 alongside Dmitri Alperovitch, appeared on NBC news during the outage to issue an apology and while the company swiftly issued a fix, the massive damage was done. Now, as reported by the Washington Post, he’s been called to testify over the events of July 19 and explain what went wrong and why.
“Recognizing that Americans will undoubtedly feel the lasting, real-world consequences of this incident, they deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking,” wrote Homeland Security Chair Mark Green and Cybersecurity and Infrastructure Protection Subcommittee Chair Andrew Garbarino in a letter to Kurtz dated July 22.
“In the United States alone, over 3,000 commercial flights have been cancelled, and over 11,800 others have been delayed. Additionally, this incident has caused surgery cancellations and disruptions to 911 emergency call centers, among many other impacts that could seriously affect Americans.”
The letter asks that Kurtz schedule a hearing with the subcommittee by the end of day Wednesday, as CrowdStrike continues to help with the cleanup operation. CrowdStrike spokesperson Kevin Benacci said in a statement the company “is actively in contact with relevant Congressional Committees.”
Microsoft blames the EU
Meanwhile, a recent fix from Microsoft, released over the weekend, promises to speed up the recovery of those machines burned by CrowdStrike.
Microsoft’s recovery tool creates a bootable USB drive that uses a lightweight version of Windows called Windows Preinstallation Environment to automatically identify and delete the CrowdStrike update. This means IT admins don’t need to put machines into Safe Mode or attempt endless reboots in the hope of receiving the necessary update automatically.
Even so, given the huge number of machines affected (and, in some cases, the limited IT resources available) it will still be some time before the CrowdStrike issue is completely in the rear-view mirror.
According to a Wall Street Journal report, a "Microsoft spokesman said it cannot legally wall off its operating system in the same way Apple does because of an understanding it reached with the European Commission following a complaint. In 2009, Microsoft agreed it would give makers of security software the same level of access to Windows that Microsoft gets."
In 2020, Apple informed developers that its macOS operating system would no longer grant them kernel-level access. This prevents a blue screen of death scenario from happening.
