Posted: Sat Jul 20, 2024 11:58 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1988
Location: Dunedin, Alba.
I've been mulling over asking these sorts of questions in the hope that i'd find a media article (mainstream or otherwise) that asked the same sort of question(s), but sadly so far i've not found anything so i thought why not ask here, after all you guys and gals have far more knowledge about Microsoft products than i do.
I also wasn't sure which thread to post this into because it could fit into several, so settled on this one, please move it if you feel it's in the wrong one.

Mainstream media appear to be focusing on Microsoft as a party at fault even though it was a third party application update (CrowdStrike) that caused the issue... initially i thought how can you (the media) apparently blame Microsoft for an update to a programme that caused Windows to fall over when Microsoft neither compiled nor published the update?

This is likely the most important question, how did all those massive global companies receive the update at the same time, was it deployed by Microsoft via their update system or was it via a rollout from CrowdStrike specifically directed at CrowdStrike software?

I suspect it was the former but i'd love to know the answer.
If it was the latter then why are Microsoft in the crosshairs???

Then i started to wonder if Microsoft could be somewhat complicit in this because of their refusal to allow end users to permanently disable certain updates when offered... that's my understanding of how Win10/11 works for non corporate customers but i could be wrong?

I'd also be highly surprised if airline and banking etc corporate customers didn't have the ability to benchtest any and all updates offered whether by Microsoft Update mechanisms or not before they were rolled out onto their own networks, so how did this one appear to slip through the net... have IT departments become lazy and stopped benchtesting updates just because Microsoft said automatic updates were safe to deploy whether they wanted them or not?

I could understand the odd company failing to pick up on a defective update but the scale of this catastrophe has been felt globally and across all sectors so something has clearly changed and i don't feel we're being told the truth.

I also find it hard to believe that IT departments on this scale would ever allow Windows Updates to be deployed in such a fashion, so why are Microsoft seemingly being tarnished with the same brush as CrowdStrike when afaict the only connection between Microsoft and CrowdStrike is the operating system, it just doesn't make sense that it was fine on Mac & Linux yet because it was on Windows somehow Microsoft gets tarnished as well, unless of course this is exactly what happened... Microsoft corporate account customers fell into the trap of believing that anything offered to them in the form of an update from Microsoft would be safe to rollout across their networks... or worse, they didn't realise Microsoft were about to force it on them before it was too late?

Whatever the answers to those questions are i do hope it will make Microsoft think again about forced updates, on all of their products.


Posted: Sun Jul 21, 2024 12:55 am
Site Admin

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9883
Location: The state of confusion; I just use Wyoming for mail.
To be honest I haven't looked at more than the surface of this but as to why MS would be blamed the answer is simple. 'Everyone' knows the name 'Microsoft' but few know the name 'CrowdStrike' so for media exposure the blame would be put on the better known name especially as it seems that it was deployed, or at least announced, via Microsoft cloud services. At least at a glance it seems it was through cloud services and not actually Microsoft Updates.

As to why it would not have affected Mac systems it is likely due to the OS being encrypted. Other than that, and including Linux, they are different operating systems and code that would hurt Windows would not do the same on a different OS just as you could not install an app written for Windows on a Mac or Linux system without specific software to allow.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


Posted: Sun Jul 21, 2024 1:12 am
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1988
Location: Dunedin, Alba.
There's just something that doesn't make sense... i can understand why Mac & Linux weren't affected but this seems to be on a whole different level... it appears to be only corporate customers that were affected and that just doesn't make sense given they are usually extremely particular about what is deployed on their network.

For example, as things stand Microsoft and CrowdStrike estimate 8.5 million computers were affected... just imagine if it was every home PC running Windows that was bricked, the number would be in the 100's of millions if not billions, and that really would be a problem which is why i have these questions running through my head about how this happened to corporates and not home users when corporate customers are usually all over testing updates before they roll them out over their network... if it can happen to them it's only a matter of time before it can happen to the rest of us.

On this scale this has never happened before to businesses and suggests something has changed to allow it to happen, the lack of detail from Microsoft or CrowdStrike just rings alarm bells in my head that maybe, just maybe, automatic updates that can't be turned off could be a factor.


Posted: Sun Jul 21, 2024 2:14 am
Site Admin

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9883
Location: The state of confusion; I just use Wyoming for mail.
You have to understand that CrowdStrike Falcon is a cloud based security system and has extensive privileges within an OS. It is doubtful that IT has much if any real control over the thing including updates. It must also be understood that this was not an attack but rather seems to have been a faulty update affecting Microsoft 365. Other than MS365 being what was affected causing the issues Microsoft actually had nothing at all to do with this but are the better known name to blame to get more media views.

https://www.nbclosangeles.com/news/national-international/what-is-crowdstrike/3463848/

So why were corporate systems affected while home systems were not? Apparently CrowdStrike is VERY expensive and not something that a home user would install. This seems to be cyber security software that is designed for large corporations and has extensive access to deep system code, more access than I'd allow on any of my systems. Think of Norton when it could kill a system when removed unless you used their specific removal tool. It seems that, by design, IT personnel have no real control over the thing. It would seem that IT cannot prevent or even delay updates as it is fully automated and seems to have full system control. Not something that I'd allow on any of my systems...

Had another link with a bit more detail but removed as, after the first viewing, it insisted on a subscription to read...

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


Posted: Sun Jul 21, 2024 1:28 pm
Site Admin

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 3177
Location: Virginia
Attachment: 452209927_10160433757643681_8114063531795850811_n.jpg


The above was posted by a tech friend who works for Microsoft. [update -- he provided this screenshot, not his words. :-) ]

Here is a good article that gives a high level explainer --
https://www.theverge.com/2024/7/19/24201864/crowdstrike-outage-explained-microsoft-windows-bsod

The bottom line is that it is security software that is popular with Corporate IT -- 29,000 customers -- that appears to have a serious problem with the way it deploys updates. The updates do not come through Microsoft Update.

And, being security software, it has access to the OS kernel through its partnership with Microsoft.

_________________
stephen boots
Microsoft MVP 2004 - 2020
"Life's always an adventure with computers!"


Posted: Sun Jul 21, 2024 2:46 pm
welcoming committee

Joined: Tue Apr 10, 2012 11:19 pm
Posts: 252
Location: Capital District, New York
Thanks Steve. I had basically the same questions when first hearing about this.

_________________
I hear and I forget.
I see and I remember.
I do and I understand.

William A. Gustafson
I know I have forgotten more than I can ever hope to remember.


Posted: Sun Jul 21, 2024 3:57 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1988
Location: Dunedin, Alba.
Thanks Steve, your attachment explains it all :)

Your tech friend has quite a unique way with words and doesn't pull his punches does he :rofl2:


Posted: Sun Jul 21, 2024 4:31 pm
Site Admin

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 3177
Location: Virginia
Doddie wrote:
Thanks Steve, your attachment explains it all :)

Your tech friend has quite a unique way with words and doesn't pull his punches does he :rofl2:


He does indeed, but the image is a quote from a contact of his and not his own words. :-)

_________________
stephen boots
Microsoft MVP 2004 - 2020
"Life's always an adventure with computers!"


Posted: Sun Jul 21, 2024 7:45 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1988
Location: Dunedin, Alba.
sboots wrote:
He does indeed, but the image is a quote from a contact of his and not his own words. :-)

LOL Well whoever wrote it certainly made me smile and took me back to the good old days of Microsoft NNTP newsgroups where there were posts aplenty written just like that by people way above my pay grade (not that i ever had a pay grade compared to them, it was a fantastic place to lurk and learn though that i sorely miss to this day)... i.e. straight to the point with a little injected humour added to help make the point :D


Posted: Tue Jul 23, 2024 8:55 pm
Site Admin

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 3177
Location: Virginia
Here is an even better explainer on the CrowdStrike debacle.
https://www.theverge.com/2024/7/23/24204196/crowdstrike-windows-bsod-faulty-update-microsoft-responses

_________________
stephen boots
Microsoft MVP 2004 - 2020
"Life's always an adventure with computers!"


Posted: Tue Jul 23, 2024 9:29 pm
Site Admin

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9883
Location: The state of confusion; I just use Wyoming for mail.
sboots wrote:

Nice article Steve. :)

Yet I have a question that I have seen no mention through all this. Where were the system backups to restore the systems??? :dunno: I mean I'm just an individual yet I have multiple images and a clone backup. Don't corporations do system backups? Shoot, toss in bootable recovery media and restore an image or clone... Is this something that is too simple to be used by corporations? Unless I'm missing something basic this should not have been nearly as big of a deal as it was.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


Posted: Tue Jul 23, 2024 10:14 pm
welcoming committee

Joined: Sun Jan 13, 2013 4:13 pm
Posts: 1988
Location: Dunedin, Alba.
Very interesting read Steve, thanks.

As an aside, this video was 'recommended' to me by YouTube today, while i have no way of verifying the video is by whom it claims to be from, the way the video is presented (edited) does make me believe it isn't a product of AI.

I'm not going to lie and claim i understood every word, especially when programming code is on screen, for the most part i did, and if it is by whom it claims to be from then it's a very interesting insight by a former Microsoft software engineer.

It should also be noted that the date it was uploaded onto YouTube was Jan 21st so it could well be outdated by now.

CrowdStrike IT Outage Explained by a Windows Developer
https://youtu.be/wAzEJxOo1ts?si=WzU3JIBNw5ucL4FY


Posted: Tue Jul 23, 2024 10:43 pm
welcoming committee

Joined: Fri Nov 30, 2012 12:47 am
Posts: 2673
Location: North Central Arkansas
Jay, back when I was working, my company was responsible for operating the administrative computers at a major NASA Center. The Operations Department Manager reporting to me was responsible for making two (2) magnetic backup tapes each night. One copy was kept in a local vault, and the other was taken offsite to an undisclosed location. On the rare occasion when really-bad weather was forecast, a 3rd backup tape was flown overnight to another NASA Center. We were all big believers in backups, so I agree with your concern.

_________________
BB


Posted: Tue Jul 23, 2024 11:11 pm
Site Admin

Joined: Wed Mar 21, 2012 5:09 am
Posts: 9883
Location: The state of confusion; I just use Wyoming for mail.
bbarry wrote:
Jay, back when I was working, my company was responsible for operating the administrative computers at a major NASA Center. The Operations Department Manager reporting to me was responsible for making two (2) magnetic backup tapes each night. One copy was kept in a local vault, and the other was taken offsite to an undisclosed location. On the rare occasion when really-bad weather was forecast, a 3rd backup tape was flown overnight to another NASA Center. We were all big believers in backups, so I agree with your concern.

Ya, I actually wrote an encrypted password system for a smaller NASA research center in Cleveland for their work terminals. It was actually a contest where the winner got $1500.00 and access to their date computers (LOL! I'm sure not everything...) I happened to win. My routine didn't even use true encryption but, rather, logic operators such as "And", "Or" and "Exclusive Or". The key was actually a 3.25 inch floppy with data scattered across multiple sectors that booted asking for the work station password. When the password was entered it would then go through a VERY convoluted series of specific sectors on the disk which were actually pretty different between different key floppies as when set up the key sectors were randomly selected and also protected by logic operators that had protected sectors to define. In today's terms it probably equated to 128 bit encryption which, in the early 1980s, was pretty intense.

_________________
Free sites from jaylach.com
I NEVER forget... I just remember late.


Posted: Tue Jul 23, 2024 11:35 pm
welcoming committee

Joined: Fri Nov 30, 2012 12:47 am
Posts: 2673
Location: North Central Arkansas
Good for you. My Department Manager didn't have to get that intense...he just mounted the large tape reel, pushed a few buttons, and watched the reel whirl.

_________________
BB


Posted: Wed Jul 24, 2024 11:00 am
Site Admin

Joined: Tue Apr 10, 2012 9:48 pm
Posts: 3177
Location: Virginia
jaylach wrote:
Yet I have a question that I have seen no mention through all this. Where were the system backups to restore the systems??? :dunno: I mean I'm just an individual yet I have multiple images and a clone backup. Don't corporations do system backups? Shoot, toss in bootable recovery media and restore an image or clone... Is this something that is too simple to be used by corporations? Unless I'm missing something basic this should not have been nearly as big of a deal as it was.


In this case, I don't believe that backups would help. Bootable recovery media would and that's actually the primary solution, but the issue for many is that physical access was needed and these systems are in data centers and even remote locations where staff is limited. Manually addressing multiple systems is/was going to take time!

_________________
stephen boots
Microsoft MVP 2004 - 2020
"Life's always an adventure with computers!"

