Microsoft has released new details of the true extent of the damage done to systems around the world by the CrowdStrike incident, estimating that less than one percent of Windows devices have been affected, as well as outlining what it is doing to help enterprises using its services deploy a fix.
Part of the issue is that CrowdStrike’s recommended workaround, though almost too simple, has to be deployed manually across each Windows computer in an organization, unless that organization’s sysadmin can automate the process.
Microsoft is doing its best to be as clear as possible about its own recommended recovery methods. But, with there being no automatic fix, and some systems requiring booting into safe mode, CrowdStrike is warning users that it may be “some time” before the world recovers.
Market competition: it’s good, actually
Microsoft Windows is, without a doubt, the most popular operating system in the world. As enterprise tech cultists, we love that Linux is making strides, but its technically minded philosophy is no match for Microsoft’s laser focus on ease of setup and use.
As a result, it’s become ubiquitous. “Less than one percent” of all Windows devices being eight-and-a-half million of them makes – or, maybe, made – it seem obvious, really, to set up Windows client PCs to support a Windows-based system.
You’re now seeing the problem. CrowdStrike’s cloud-based Falcon enterprise endpoint protection software, the entire reason we’re here, is Windows-based. Enterprises still have the freedom of choice when it comes to the software for protecting their backend from prevalent cyberthreats, but if one piece of endpoint software can break utterly and completely like this, then they all can.
The CrowdStrike incident raises more questions than we can answer at this exact point in time, but it raises the important point that enterprises shouldn’t put all of their eggs in one basket, or neglect to understand their systems while under the impression that they can trust software vendors implicitly.
Automatic updates may be terrific for emergency fixes, but when they aren’t put through enough quality assurance tests – as seems to be the case here – the consequences can be catastrophic. It’s entirely within the realm of possibility, a matter of time, even, before we’re here again, reporting on airports and train systems grinding to a halt.
I’m this website’s cloud and data person, something approaching an ‘expert’, apparently. And yet, when someone with only a modicum of tech literacy can say to me ‘shows what happens when you run everything off the cloud’, all I can say is ‘why haven’t more people in enterprise factored this in?’, when it’s always been there, simmering in the background while we ignore it completely.