Blog
← Back to Blog
July 20, 2024 cybersecurity

CrowdStrike Update Crashed 8.5 Million Windows Computers. What It Means for You.

Global IT outage and system failure

On July 19, 2024, a software update from CrowdStrike, one of the world's leading cybersecurity companies, caused approximately 8.5 million Windows computers to crash with blue screens. Airlines grounded flights. Hospitals canceled surgeries. Banks shut down. 911 systems went offline. It was the largest IT outage in history.

The irony: it was caused by a security tool designed to prevent outages.

What Happened

CrowdStrike released a routine update to its Falcon endpoint protection software. The update contained a logic error that caused Windows systems to crash during boot. Affected systems entered a boot loop: start, blue screen, restart, repeat. The only fix was manual intervention on every affected machine.

Because the crash occurred during boot, remote management tools couldn't access the systems. IT teams had to physically visit each affected computer, boot into safe mode or recovery, and manually delete the problematic CrowdStrike file.

For organizations with thousands of endpoints distributed across multiple locations, this meant days or weeks of manual remediation.

Why This Matters for Every Practice

No Vendor Is Infallible

CrowdStrike is a premium security vendor used by Fortune 500 companies and government agencies. If they can push a faulty update that crashes millions of systems, any vendor can. Blind trust in vendors is a risk.

Automatic Updates Aren't Always Safe

For years, we've said "enable automatic updates." The CrowdStrike incident forces nuance into that advice: automatic security updates (Windows patches, browser updates) should be enabled. But automatic updates for business-critical software need testing procedures.

Centralized Management Creates Single Points of Failure

Organizations that deployed CrowdStrike across all systems simultaneously were completely offline. Diverse security approaches (different endpoint protection for servers vs. workstations, for example) provide resilience.

Manual Recovery Is a Realistic Scenario

Remote management tools can't help when systems won't boot. Physical access to every affected computer was required. For distributed practices, remote locations, or work-from-home staff, this creates a significant recovery challenge.

Lessons for Your Practice

  1. Test updates when possible. If your endpoint protection allows staggered deployment, test updates on a subset of machines before broad rollout.
  2. Don't put all eggs in one basket. Consider different security tools for critical infrastructure (servers vs. workstations, on-premise vs. remote).
  3. Maintain offline access to critical data. Paper-based fallback procedures for scheduling and patient intake can keep you operational during IT outages.
  4. Document local admin credentials. If remote management fails, you need local access to every machine. Know the local admin password.
  5. Have a communication plan for extended outages. How do you notify patients if systems are down? How do you coordinate with staff? Plan before you need it.

8.5 million computers. One faulty update. The dependence and the risk are both larger than we like to think.