Microsoft alert: What is CrowdStrike Falcon and what happens if it fails

If CrowdStrike Falcon isn’t working on your computer, it's like losing your main security guard. Fixing it requires physical access to all affected devices, which makes the problem much harder to solve.

Global disruption led to blue screen errors on some digital billboards in Times Square, New York, as part of a broader “blue screen of death” problem affecting Microsoft users worldwide. / Photo: AA

Airlines worldwide are announcing delays, news channels have halted broadcasts, supermarkets and banks are facing operational disruptions, and police departments are unable to function, all because of a sudden glitch affecting computers that use Microsoft Windows.

The issue lies with Microsoft’s cloud computing platform and is caused by a faulty update from cybersecurity firm CrowdStrike. It has the potential to cause billions of devices around the globe running Microsoft software to enter a recovery loop and fail to start properly.

The issue was first reported in Australia, affecting check-in processes for some airlines at Brisbane Airport. It then caused the UK-based TV channel Sky News to halt its broadcasts.

It quickly spread to the US, other parts of Europe, and countries including India, New Zealand and China. In the US, the Federal Aviation Administration has suspended flights for Delta, United, and American Airlines, and Berlin Airport is issuing warnings about travel delays.

Major online platforms like Google, Amazon, Reddit and Instagram are experiencing issues, along with airlines, banks, and payment system companies.

Microsoft 365 said on X that the company was "working on rerouting the affected traffic to alternative systems to minimise impact more quickly" and noted that they were "seeing a positive trend in service availability."

CrowdStrike has acknowledged the issue and attempted to resolve it by rolling back the faulty update. However, this fix has not addressed the problem for devices already impacted.

IT administrators are advising users to boot into safe mode and delete a specific system file from the CrowdStrike directory.

Yet this solution cannot be applied to remote or cloud-based systems, since the issue prevents remote fixes, making physical access to the affected devices necessary.

The resolution process becomes more complicated as accessing billions of devices physically is nearly impossible for many teams globally.

Neither Microsoft nor CrowdStrike responded to requests for further comment or provided additional details about the cause of the outage.

How the system works

CrowdStrike Falcon is a sophisticated cybersecurity tool designed to safeguard computers and servers from a variety of online threats. Unlike traditional security systems that require physical hardware and constant updates, Falcon operates entirely in the cloud.

This means users don't need to worry about managing or maintaining any on-site equipment—CrowdStrike handles everything remotely.

Here's how Falcon works: It's an agent-based sensor that users install on devices, whether they run Windows, Mac, or Linux. Once installed, this small program connects to CrowdStrike's cloud-based platform.

Falcon monitors the devices both online and offline, analysing files as they attempt to run. It uses several techniques to detect potential threats, including checking for known malware, analysing unusual behaviour, and using predefined prevention methods.

It is used by many prominent organisations across various sectors. Various US government agencies, including parts of the Department of Defence and intelligence agencies, rely on Falcon for its advanced threat detection.

Major financial institutions like Goldman Sachs, Bank of America, and JP Morgan Chase use Falcon to protect their sensitive data, and giant retailers like Walmart and Target, as well as energy companies such as ExxonMobil and Shell, also depend on Falcon to defend against cyber threats and protect critical infrastructure.

The system, which offers a cloud-based solution for protecting devices from a wide range of cyber threats, is particularly preferred by high-profile organisations worldwide for its ease of use and robust security features.

When CrowdStrike Falcon is not functioning properly, it can create several serious problems, such as heightened vulnerability to cyber threats, missed threat detections, delayed incident responses, potential data breaches, compliance challenges, increased IT workload, and a loss of visibility into your network's security status.

More importantly, the devices and networks are more vulnerable to viruses and hackers without its active protection, which can lead to serious delays in detecting and fixing security issues.

The protective system is utilised by 82 percent of US state governments and 48 percent of the largest US cities, resolving over 7 million incidents annually through its managed detection and response (MDR) service.
