On Friday, independent cybersecurity company CrowdStrike rolled out a driver update that knocked millions of Windows PCs offline, resulting in airlines, telecommunications providers, banks, emergency services, and many other facets of society being disrupted.
The outage was truly global, affecting multiple countries and critical infrastructure in various regions. CrowdStrike promptly responded with a workaround for the faulty driver that caused Windows machines to enter infinite boot loops with dreaded blue screens of death (BSOD). Unfortunately, the workaround requires physical intervention with the machine, as a user must boot into Safe Mode or Windows Recovery to delete the faulty driver.
For companies that rely heavily on Windows machines for day-to-day operations, this manual remedy will prove extremely time-consuming. With so many Windows machines affected by the outage, it begs the question of exactly how many Microsoft-powered devices were affected. Microsoft recently took to its blog to reveal the first internally estimated number. Redmond said it estimates 1% of its total Windows machines were affected by the CrowdStrike update, or approximately 8.5 million machines.
I spoke to Prof. Ahmed Banafa, Tech Expert and Engineering professor at San Jose State University, who specializes in IoT, blockchain, cybersecurity, and artificial intelligence. I asked Banafa if he believed Microsoft's internal estimate of affected machines was accurate, and he said Windows is currently running on roughly 1.5 billion devices. 1% of those being affected by CrowdStrike would equal 15 million machines, or just less than double what Microsoft estimates.
"While we can't confirm the exact number, it appears to be relatively small based on the global impact observed. They mentioned this is an estimate and also stated it's less than 1% of the total installations of Windows, which is roughly 1.5 billion devices. This would put the number close to 15 million roughly.
I didn't see an apology from Microsoft. They hired CrowdStrike and shared responsibility with them. I wouldn't be surprised if class-action lawsuits started soon after this disaster. Every time you have a cybersecurity incident, you face three major challenges: reputation, litigation, and business loss. So far, we've seen PR disaster, and the rest could be on the way," wrote Prof. Ahmed Banafa