Windows computers hosting cybersecurity software from CrowdStrike crashed after a buggy software update was deployed in the early morning hours of July 19, 2024. The outage affected computers worldwide, had a large-scale impact on multiple industries, and was widely reported in the media in real time.
Macktez does not use or deploy CrowdStrike software, so none of our clients directly suffered from the incident.
But Macktez does deploy other tools to our clients’ computers as part of our managed service subscriptions (Workstation Management, Identity Management, and Server Management). These tools require high-level system permissions to set and manage policies, and to detect and prevent cybersecurity attacks. We rely on the developers of these tools to perform complete test deployments before making any updates to their products, which are often rolled out automatically. So could a CrowdStrike-like event hit our clients’ systems?
First of all, there are some critical differences between CrowdStrike’s software and the tools that Macktez uses which make this particular type of breakdown highly unlikely. CrowdStrike interacts with Windows at the lowest layer of the operating system, the kernel, where any error can short-circuit all of the operating system’s other built-in safeguards during the startup process and cripple the entire workstation. Kernel access by third-party software used to be more common, and Microsoft says it is still required by European Union antitrust rules in certain situations, but it is less and less common in software development precisely because it can cause so much damage. The tools Macktez deploys for virus detection do not operate at the kernel level, so if an update from one of our partners contained a bug, it would either be preempted by Windows security during the startup process, or would affect only the operation of its own features, not take down the whole operating system.
But the more direct answer is: yes, it is possible for the tools we use to create unforeseen problems after an automatic update. We do take precautions to prevent that from happening: namely, we research and test any managed service tools before adopting them for our clients — including “eating our own dogfood” by deploying those tools to our own fleet of workstations. But for incremental security updates that are automatically pushed out by developers we need to rely on their internal controls to make sure the update is safe. If they make a mistake, as CrowdStrike did, then our clients downstream could be impacted in some way.
So why take that risk? Because the risk of not deploying security tools, and not regularly updating those tools to address security vulnerabilities as they are discovered, is much greater and well documented. And since the cost of extensively testing every update is beyond the reach of small- and medium-sized businesses, trusting the software developer to do that testing is a necessary compromise to make for the sake of greater security.
Maybe that’s not the unambiguous reassurance you are looking for, but it’s the reality of the current cybersecurity landscape.
Still, we think that hiring Macktez to deploy and manage security tools offers significant advantages over addressing cybersecurity without our help:
- We keep abreast of cybersecurity developments and new tools and are constantly casting our line to see if we can offer a better solution for our clients.
- We have a large field of data to evaluate our currently deployed tools, and we change our lineup when appropriate.
- We design and deploy systems with redundancies whenever our clients’ budgets allow, to reduce the possibility of a single incident creating widespread outages.
- And, when operational or security incidents do occur, we have a professional team ready to support our clients.
Every security solution needs to be balanced with cost and convenience. When we are part of those conversations with our clients, we will help to make those compromises clear and supportable. In particular, our Cybersecurity Assessment (now updated for NIST 2.0) is designed to provide a framework for that discussion and help to make the right decisions around security.