All You Need to Know About the CrowdStrike Incident (Tips to Recover Fast If You’re Affected)

This update is written for business owners, IT managers, and security teams whose Microsoft environments were impacted by the CrowdStrike incident and who need clear recovery guidance. 

As you may have heard, on July 19, 2024, an update to the popular cybersecurity software CrowdStrike caused a critical error on Microsoft machines. Although this was not a security breach and not Microsoft’s fault, many Microsoft users were affected.

CrowdStrike released a recovery process note within hours, and many machines were quickly restored. However, due to complications with encryption and access controls, some users are still struggling with recovery, with some services expected to be down for weeks.

Scammers have seized the opportunity to capitalize on the confusion, and numerous phishing and other scams have begun circulating. Only seek assistance from official sources such as CrowdStrike’s official support forum, a Microsoft representative, or a certified Microsoft Partner.

The most important message to communicate to your staff is to avoid clicking on unsolicited emails claiming to be from CrowdStrike representatives.

For the official recovery method, visit the CrowdStrike site directly and start a conversation there.

This incident is a reminder of the need for an advanced cybersecurity framework. We advise organizations to consider upgrading to Microsoft Defender XDR for its superior threat protection and rapid incident response capabilities.

At GCS, we’ve been actively involved in helping our clients navigate the fallout from this incident. As a top Microsoft-certified partner, we’re equipped to help you transition to Microsoft Defender XDR.

If you’re not a GCS client but want to strengthen your security posture, especially in light of this event, we’re here to provide the guidance and support you need – book a consultation today.

FAQ: The CrowdStrike Incident Explained

Was the CrowdStrike incident a security breach?

No. This incident was caused by a faulty software update, not a cyberattack or data breach. There is no evidence of data exfiltration, malware, or attacker activity related to this event.

Why did the CrowdStrike update cause Microsoft systems to fail?

The update triggered a critical error on certain Microsoft Windows systems, leading to boot failures and system crashes. The issue was related to how the update interacted with system-level components, not Microsoft infrastructure itself.

What should organizations do if they are still affected?

Organizations should follow the official recovery steps provided directly by CrowdStrike through their official support channels. Avoid third-party tools or unsolicited “fix” emails, as phishing campaigns are actively exploiting this situation.

Are phishing scams related to the CrowdStrike incident a real risk?

Yes. Attackers are sending fake emails and messages pretending to be CrowdStrike support or recovery assistance. Employees should be instructed not to click links or download tools unless they come from verified, official sources.

How can businesses reduce the impact of incidents like this in the future?

Strong incident response planning, layered security visibility, and centralized detection and response platforms—such as Microsoft Defender XDR—help organizations detect issues faster, isolate affected systems, and recover more efficiently when unexpected failures occur.
