In an exclusive interview with TODAY, George Kurtz, CEO of cybersecurity firm CrowdStrike, provided detailed insights into the massive computer outage that recently brought various industries around the world to a standstill. The incident, which led to disruptions across airlines, banks, transit systems, and even emergency services, has been traced back to a defect in a software update from CrowdStrike.
Unprecedented Global Impact
The outage, which began early Friday, left travelers stranded at major airports, interrupted banking services, and caused chaos in several industries. “We are deeply sorry for the impact that we have caused to customers, travelers, and anyone affected by this, including our company,” Kurtz said, expressing regret for the widespread disruption. The outage affected major airports like JFK and LaGuardia, leading to flight cancellations and significant delays. Smaller airlines, such as Frontier, Allegiant, and Sun Country, also reported outages.
The Root Cause
Kurtz explained that the outage was caused by a software bug in a recent content update for Windows hosts. “The system was sent an update, and that update had a software bug in it which caused an issue with the Microsoft operating system,” he said. This bug resulted in what is commonly known as the “blue screen of death” on numerous devices. The problem was traced back to a specific channel file in the Falcon Sensor update for Windows hosts. “This was not a security incident or cyberattack,” Kurtz emphasized, dispelling fears of malicious activity.
Not a Cyberattack
Kurtz was quick to dispel any fears of a cyberattack. “It wasn’t a cyberattack. It was related to this software update,” he reiterated. The clarification came as many speculated about the possibility of malicious activity given the scale of the disruption. “In our line of work, we always have to stay one step ahead of the adversaries. In this case, it was an internal issue,” he added.
Ongoing Recovery Efforts
CrowdStrike has been working around the clock to address the issue and assist affected customers. “We have resolved the issue now, and as systems come back online and are rebooted, they are working,” Kurtz said. He acknowledged the complexity of the problem, noting that the company is providing continuous updates and support to ensure full recovery. “We are fully mobilized to ensure the security and stability of CrowdStrike customers,” he stated.
Technical Details and Workarounds
CrowdStrike issued a technical alert detailing the issue and providing workaround steps for affected users. According to the alert, the problem was isolated to a specific channel file in the Falcon Sensor update for Windows hosts. The problematic file has been reverted, and CrowdStrike provided instructions for both individual hosts and virtual environments to mitigate the issue.
- For Individual Hosts:
  - Reboot the host to download the reverted channel file. If it crashes again:
    - Boot Windows into Safe Mode or Windows Recovery Environment.
    - Navigate to the CrowdStrike directory and delete the problematic file.
    - Boot the host normally.
- For Virtual Environments:
  - Detach the operating system disk volume from the impacted virtual server.
  - Create a snapshot or backup.
  - Attach the volume to a new virtual server, delete the problematic file, and reattach the volume to the impacted server.
  - Alternatively, roll back to a snapshot taken before the problematic update.
Industry-Wide Disruption
The outage had a profound impact globally, halting operations for major airlines including Delta Air Lines, United Airlines, and American Airlines. Financial institutions, media outlets, and emergency services were also affected, with many reporting blue-screen errors linked to the CrowdStrike update. “This level of disruption is unprecedented. We are seeing impacts across sectors, from airlines to healthcare,” Kurtz explained.
Restoring Normalcy
Kurtz emphasized CrowdStrike’s commitment to resolving the issue and restoring normalcy. “We are working with each and every customer to make sure we can bring them back online,” he said. The company has mobilized its team globally to ensure the security and stability of its customers. “Our mission is to protect our customers and keep the bad guys out of their systems,” Kurtz stated.
Reflections on the Incident
Reflecting on the incident, Kurtz acknowledged the challenges of managing complex cybersecurity systems. “When you look at software, it is a very complex world, and there are a lot of interactions. Always staying ahead of the adversary is certainly a tall task,” he said. He noted that the company is focused on understanding and mitigating the root cause to prevent future occurrences. “We have a robust team that is looking at the safety and security and the quality of these updates,” he added.
Moving Forward
As the recovery process continues, CrowdStrike remains vigilant in providing support and updates to its customers. The incident underscores the critical importance of robust cybersecurity measures and the need for swift, effective responses to technical issues in an increasingly interconnected digital world.
CrowdStrike’s proactive approach and transparent communication have been crucial in managing the fallout from this outage, highlighting the company’s dedication to protecting its customers and maintaining the integrity of its systems. “We are committed to ensuring that something like this doesn’t happen again. Our focus is on learning from this incident and improving our processes,” Kurtz concluded.
The global impact of the outage serves as a stark reminder of the dependencies on cybersecurity and the ripple effects that technical issues can have across multiple industries. As CrowdStrike continues to work towards full recovery, the emphasis remains on ensuring the safety, security, and operational stability of all affected systems.