Crowdstrike: Microsoft's fault

Alan Cai

July 19, 2024

Global technology networks experienced mass outages on Friday due to a faulty software update to Windows operating systems by cybersecurity giant Crowdstrike. The outage affected personal and commercial systems alike for Windows customers around the globe and most notably grounded flights, took down live television outlets, disrupted government services, disturbed hospital operations, and paused various financial services. Mac (Apple) and Linux operating systems were notably unaffected.


Crowdstrike CEO George Kurtz took responsibility on X (formerly known as Twitter), posting multiple statements throughout the day detailing the efforts his company was taking to rectify the issue, work with customers, and ensure future delays do not persist. He promised to “provide full transparency on how this occurred and the steps we’re taking to prevent anything like this from happening again.” Crowdstrike has confirmed that the delays were a result of an update failure and not a cyberattack and that only Microsoft Windows systems were affected. In the official company statement published on the Crowdstrike blog page, the company warned that “adversaries and bad actors will try to exploit events like this” and “encourage[d] everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives.”


Microsoft independently brought its cloud services back up despite several users still experiencing difficulties.


As a result of uncertainty surrounding the delay, Crowdstrike stock (NASDAQ: CRWD) plummeted 11.10% today. Microsoft stock (NASDAQ: MSFT) diminished only 0.74%, beating the NASDAQ Composite’s 0.81% decrease. The cybersecurity firm’s dip is shockingly less severe than would be expected of a failure of such a large scale (anywhere from a 25-90% drop should be expected of mistakes as large as the one that had occurred) and was likely alleviated by the CEO’s reassurances that the mistakes were being patched and such accidents would not happen again.


The delay evidently highlights a major flaw in world IT systems: a handful of corporations can bring down entire industries. However, an even bigger flaw in the system was exposed by the Crowdstrike failure: the ignorance of Microsoft and its inability to detect such major flaws. When larger corporations such as the Redmond-based tech giants outsource their functionalities such as cybersecurity to smaller third-party companies, they ought to do so with the understanding the products they are buying are not flawless and must be double-checked before implementation. Furthermore, the notion that a single third-party company can take down Microsoft services for millions of customers on accident is a major red flag for the company’s unduly trust and reliance on such vendors. Crowdstrike’s IT failure should be a blessing rather than a curse for Microsoft, for it exposed how one misstep from a small business could jeopardize its entire global operations. Microsoft’s complacency induced by its stable cash-cows Azure (cloud computing service) and 365 (cloud office suite software) has rendered it inflexible and unable to adapt to rapidly developing situations such as the one that transpired today. Were foreign agents, terrorists, cybercriminals, syndicates, or other bad actors able to find, exploit, and hold hostage Microsoft’s vulnerabilities before they were accidentally and preemptively discovered today, the world would experience a degree of chaos many times more hazardous. It is imperative that Microsoft stops hiding behind its pompous legal walls and owns up to its own mistakes.