So it seems that most of the world is suffering today from the Microsoft Network going down.
Working in Cyber Security myself, I can say that it’s causing some issues with my work and half of the people in are office in London are having BSODs on all Desktops and Laptops.
Speaking to a friend of mine, Microsoft have narrowed down the issue to a Update from Crowdstrike that took place last night and it seems that something in the code form Crowdstrike is causing all these issues.
This morning, I had issues watching Sky News and checking Barclays.
It’s being blown out of proportion way more than it should’ve really - it only relates to one specific product which isn’t even Microsoft, and there are workarounds in place already.
Snark Warning: If the companies affected had a proper disaster recovery plan and redundancy in place, you might not have even noticed!
I think multiple major systems across the world failing is pretty major, from transport to health to communications. And there are some workarounds but some aren’t possible for every system. It is a major event and one that could take ages to fully fix.
I don’t think it’s been blown out of proportion. But it’s not a Microsoft update that’s caused it though so it’s not a Microsoft outage (they had their own US outage last night which didn’t affect the UK)
Perhaps - I suppose sitting here with everything working in across the organisation I’m not feeling to unnerved by it. If we used Crowdstrike, maybe that would change the perspective.
I do think it has really laid bare just how poor a number of major organisations are in terms of cybersecurity and resilience. There is far too much ‘keeping the lights on’ going on - wouldn’t be surprised if a state actor was behind this in the end.
I don’t think we can say that yet, far too early in the process for the analysis to happen. Now, more than likely, yes, it was a ‘soon to no longer be working there’ internal resource. These things happen, such as Knight Capital, AWS, etc etc.
But I think we all know that China/Russia are regularly and increasingly using cyber-warfare methods, so while it’s currently a theory and only just that - disclaimer; this is not factual evidence I’ll wait for the end report to make my final thoughts on it.
I also prefer Linux but that’s just not the case in the majority of large corporates. They trust Microsoft, and solutions such as Hyper-V are widely used for on-premise virtualisation. If used, CrowdStrike is usually installed on both the Hypervisor and the VMs.
In our case, thousands of servers… almost fully recovered now though. Time for lunch!
The biggest impact will be on firms who never reboot their servers or test their DR plans. Those firms will find that this unexpected reboot has revealed other problems that are entirely unrelated to this incident but will be just as impactful.
