George Kurtz, co-founder and CEO of cybersecurity firm CrowdStrike, has been summoned to testify before the House Homeland Security Committee following last week’s global Windows outage. This significant crash, still affecting many systems today, was traced back to a defective CrowdStrike software update.
The malfunction led to Windows machines entering an infinite boot loop, resulting in the infamous Blue Screen of Death. The repercussions were felt across multiple sectors, including airlines, banks, media organizations, and hospitals. According to Microsoft, an estimated 8.5 million machines were impacted, and the financial and operational toll on organizations is still being assessed.
George Kurtz, who founded CrowdStrike in 2012 with Dmitri Alperovitch, appeared on NBC News during the outage to apologize. Although the company promptly released a fix, the damage had already been done. As reported by the Washington Post, Kurtz has been called to testify about the events of July 19, explaining what went wrong and how CrowdStrike plans to prevent such incidents in the future.
Mark Green, Chair of the Homeland Security Committee, and Andrew Garbarino, Chair of the Cybersecurity and Infrastructure Protection Subcommittee, emphasized the incident’s severe impact in a letter to Kurtz dated July 22. “Recognizing that Americans will undoubtedly feel the lasting, real-world consequences of this incident, they deserve to know in detail how this incident happened and the mitigation steps CrowdStrike is taking,” they wrote.
The letter highlighted the widespread disruption, noting that in the United States alone, over 3,000 commercial flights were canceled, and more than 11,800 were delayed. Additionally, surgeries were canceled, and 911 emergency call centers experienced interruptions, among other significant impacts.
Kurtz has been requested to schedule a hearing with the subcommittee by the end of the day on Wednesday as CrowdStrike continues to assist in the cleanup operation. CrowdStrike spokesperson Kevin Benacci stated that the company “is actively in contact with relevant Congressional Committees.” In the meantime, a recent fix from Microsoft, released over the weekend, aims to expedite the recovery of affected machines.
Microsoft’s recovery tool creates a bootable USB drive utilizing a lightweight version of Windows called the Windows Preinstallation Environment. This tool automatically identifies and removes the faulty CrowdStrike update, eliminating the need for IT admins to resort to Safe Mode or repetitive reboots in hopes of receiving the necessary update.
Despite these efforts, the sheer number of affected machines and the limited IT resources available in some cases mean that it will be some time before the CrowdStrike issue is fully resolved.