In July of 2024, the world experienced a global tech outage of all Microsoft devices. This event caused a catastrophic disruption of what’s been described as the largest IT outage in history, costing companies more than $5 billion in direct losses, according to one insurer’s analysis of the incident published Wednesday. But how did this happen?
CrowdStrike is a cybersecurity company, used by all Windows devices to provide endpoint protection, threat intelligence, and response services. CrowdStrike’s technology stops breaches by preventing and responding to all types of attacks — both malware and malware-free.
On July 24, CrowdStrike released a report outlining the results of its investigation after the outage, which revealed a file that assists CrowdStrike’s security platform in scanning for malicious hacking of customers’ devices. The company regularly tests its software updates before publishing them to customers for downloading, but a bug in the testing system that disabled validation checks on new updates allowed the update to be published despite being faulty. The update was published just after midnight and was disabled just thirty minutes later, but it was too late. Millions of Windows devices had already automatically downloaded the software.
When the affected devices using CrowdStrike’s cybersecurity tools tried to access the flawed file, it caused an “out-of-bounds memory read” that “could not be gracefully handled, resulting in a Windows operating system crash,” CrowdStrike said (CNN).
Numerous companies use CrowdStrike’s cybersecurity software to detect and block hacking threats. But when CrowdStrike issued an update last week to its signature cybersecurity software, known as Falcon, millions of computers around the world running Microsoft Windows crashed because of the way that the update interacted with Windows.
The healthcare and banking sectors were the hardest hit by CrowdStrike’s mistake, with estimated losses of $1.94 billion and $1.15 billion,, said Parametrix, the cloud monitoring and insurance firm behind the analysis of the crash. Airlines such as American and United were the next most affected, losing a collective $860 million.
By Elisabeth Kheir ‘26, Contributing Writer
