The failure occurred after an update to the CrowdStrike Falcon Sensor Enterprise solution. Workstations running the Windows operating system (OS) experienced a "blue screen of death" and went into an endless reboot loop.
Representatives of CrowdStrike took responsibility for the incident and, in an official statement on the media platform X (formerly Twitter, included in the register of sites containing information, the distribution of which is prohibited in the Russian Federation, and blocked in the Russian Federation), said that they had rolled back the update that caused the problems, and separately noted that there was no talk of a possible cyberattack.
Representatives of the Windows Corporation reported that more than 8.5 million terminals and computers suffered from the global failure (Western journalists use the word "outage"). The failure disrupted the work of three major American airlines (American Airlines, United Airlines and Delta), airports in Australia, Germany, India and the UAE, hospitals in Israel, Great Britain and Germany, the London Stock Exchange, banks in South Africa and many other companies, enterprises, services and departments around the world.
What happened
Kirill Timofeev, head of the infrastructure and services department at Obit LLC, agrees with Valery Kupryushin. According to him, one program can cause another to fail because they interact with the same parts of the operating system or computer resources. In his opinion, the update could contain errors (bugs), or change the files and OS settings on which the programs depended, or simply be incompatible with the operating system.
"The antivirus software that caused the crash is deeply integrated into the operating system, which increases the risk of a crash when downloading an untested update many times over," said Kirill Timofeev.
Director of Strategy and Technology Development at Bellsoft JSC (Axiom JDK), head of the information security committee of the Russian Association of Software Developers (ARPP) Roman Karpov noted that Windows can automatically receive updates and the scale of the failure is so great because the affected devices were configured to automatically install updates.
According to independent expert on IT and telecom markets Vadim Plesskiy, the policy of Microsoft itself played a significant role in the failure. He noted that Windows OS is an old operating system, to which new functionality was constantly being added, often unnecessary to the user, and which was very difficult, and sometimes impossible, to refuse. "As, for example, in the case of the protection mechanism. All this was compounded by the lack of a feedback mechanism between the user and the developer. It turned out that instead of blocking cyber attacks as declared by the company, the system began to block certain functionality in Windows, which in some cases led to computer reboots and the 'blue screen of death'," said Vadim Plesskiy.
Technical Director of RuSIEM LLC Valery Kupryushin said that the reason may be related to an incorrect system update.