Microsoft says 8.5 million devices were affected by the CrowdStrike bug or 'less than one percent of all Windows devices' as new details emerge on Friday's tech meltdown

MADRID, SPAIN - JULY 19: A general view from Madrid-Barajas International Airport as passengers gather and wait due to the global communications outage caused by CrowdStrike, which provides cyber security services to US technology company Microsoft, on July 19, 2024 in Madrid, Spain. (Photo by Diego Radames/Anadolu via Getty Images)
(Image credit: Anadolu / Contributor via Getty Images)

If you were part of the endless legions of IT workers furiously fixing Windows machines over the weekend thanks to the CrowdStrike bug, I salute your service—and if you were affected by the disruptions to flights, hospital services, banking and more, I commiserate. Most of us, however, remained unaffected, as according to Microsoft only 1% of Windows devices fell victim to the bug.

Still, that's 8.5 million devices causing turmoil worldwide, and as a result, Microsoft says it deployed hundreds of Microsoft engineers and experts to work with customers to restore their stricken services (via The Verge). MS also engaged directly with CrowdStrike to work on a solution, with the company releasing its own, separate statement regarding some of the technical issues that caused the event.

At the core of the fault was a configuration file contained in an update for CrowdStrike's Falcon platform, which triggered a logic error that in turn caused a BSOD loop on Windows systems running Falcon sensor software. 

The update was designed to "target newly observed, malicious named pipes being used by common C2 frameworks in cyberattacks", but instead threw some very important infrastructure into a loop, causing a gigantic knock-on effect.

CrowdStrike has since corrected the logic error in a further update, and Microsoft has released a custom recovery tool to remove it. Prior to the release of the tool, admins needed to reboot affected Windows devices into Safe Mode or the Recovery Environment and manually remove the buggy file.

However, questions have been asked as to how such an update was allowed into critical Windows systems en masse in the first place, causing a disaster that may end up being one of the worst tech outages of all time. Ex-Microsoft engineer David W Plummer has tweeted a comparison of how Windows debugging processes were handled during his time at the company, and how this particular event differs.

The problem, in this case, is that this event was created by a CrowdStrike driver that passed WHQL testing but still possessed the capability to download and execute p-code that hadn't been signed by Microsoft. Essentially, a third-party driver at the heart of a system can still bring it down with a dodgy update, even if Microsoft's processes for its own updates have appropriate levels of testing and certification.

Well, it's all been a bit of a clusterfudge, hasn't it? Microsoft is unlikely to be happy that its name is once again in the headlines for server-related issues, although in recent years it's often been security breaches that have earned it criticism. As of now, the issue appears to have been fixed, at least, and perhaps some lessons have been learned for third-party updates in future.

Best gaming PCBest gaming laptop


Best gaming PC: The top pre-built machines.
Best gaming laptop: Great devices for mobile gaming.

Andy Edser
Hardware Writer

Andy built his first gaming PC at the tender age of 12, when IDE cables were a thing and high resolution wasn't. After spending over 15 years in the production industry overseeing a variety of live and recorded projects, he started writing his own PC hardware blog in the hope that people might send him things. And they did! Now working as a hardware writer for PC Gamer, Andy's been jumping around the world attending product launches and trade shows, all the while reviewing every bit of PC hardware he can get his hands on. You name it, if it's interesting hardware he'll write words about it, with opinions and everything.