
      CrowdStrike fixes start at “reboot up to 15 times” and get more complex from there

      news.movim.eu / ArsTechnica · Friday, 19 July - 15:43


    Airlines, payment processors, 911 call centers, TV networks, and other businesses have been scrambling this morning after a buggy update to CrowdStrike's Falcon security software caused Windows-based systems to crash with a dreaded blue screen of death (BSOD) error message.

    We're updating our story about the outage with new details as we have them. Microsoft and CrowdStrike both say that "the affected update has been pulled," so what's most important for IT admins in the short term is getting their systems back up and running again. According to guidance from Microsoft, fixes range from annoying but easy to incredibly time-consuming and complex, depending on the number of systems you have to fix and the way your systems are configured.

    Microsoft's Azure status page outlines several fixes. The first and easiest is simply to try to reboot affected machines over and over, which gives affected machines multiple chances to try to grab CrowdStrike's non-broken update before the bad driver can cause the BSOD. Microsoft says that some of its customers have had to reboot their systems as many as 15 times to pull down the update.


      Microsoft in damage-control mode, says it will prioritize security over AI

      news.movim.eu / ArsTechnica · Thursday, 13 June - 20:38

    Brad Smith, vice chairman and president of Microsoft, is sworn in before testifying about Microsoft's cybersecurity work during a House Committee on Homeland Security hearing on Capitol Hill in Washington, DC, on June 13, 2024.


    Microsoft is pivoting its company culture to make security a top priority, President Brad Smith testified to Congress on Thursday, promising that security will be "more important even than the company’s work on artificial intelligence."

    Satya Nadella, Microsoft's CEO, "has taken on the responsibility personally to serve as the senior executive with overall accountability for Microsoft’s security," Smith told Congress.

    His testimony comes after Microsoft admitted that it could have taken steps to prevent two aggressive nation-state cyberattacks from China and Russia.


      Microsoft ties executive pay to security following multiple failures and breaches

      news.movim.eu / ArsTechnica · Friday, 3 May - 20:25

    A PC running Windows 11.


    It's been a bad couple of years for Microsoft's security and privacy efforts. Misconfigured endpoints, rogue security certificates, and weak passwords have all caused or risked the exposure of sensitive data, and Microsoft has been criticized by security researchers, US lawmakers, and regulatory agencies for how it has responded to and disclosed these threats.

    The most high-profile of these breaches involved a China-based hacking group named Storm-0558, which breached Microsoft's Azure service and collected data for over a month in mid-2023 before being discovered and driven out. After months of ambiguity, Microsoft disclosed that a series of security failures gave Storm-0558 access to an engineer's account, which allowed Storm-0558 to collect data from 25 of Microsoft's Azure customers, including US federal agencies.

    In January, Microsoft disclosed that it had been breached again, this time by Russian state-sponsored hacking group Midnight Blizzard. The group was able "to compromise a legacy non-production test tenant account" to gain access to Microsoft's systems for "as long as two months."


      Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M

      news.movim.eu / ArsTechnica · Monday, 15 April - 19:46


    Federal prosecutors indicted a Nebraska man on charges he perpetrated a cryptojacking scheme that defrauded two cloud providers—one based in Seattle and the other in Redmond, Washington—out of $3.5 million.

    The indictment, filed in US District Court for the Eastern District of New York and unsealed on Monday, charges Charles O. Parks III—45 of Omaha, Nebraska—with wire fraud, money laundering, and engaging in unlawful monetary transactions in connection with the scheme. Parks has yet to enter a plea and is scheduled to make an initial appearance in federal court in Omaha on Tuesday. Parks was arrested last Friday.

    Prosecutors allege that Parks defrauded “two well-known providers of cloud computing services” of more than $3.5 million in computing resources to mine cryptocurrency. The indictment says the activity was in furtherance of a cryptojacking scheme, a term for crimes that generate digital coin through the acquisition of computing resources and electricity of others through fraud, hacking, or other illegal means.


      Azure Cost CLI – Tracking the costs of Microsoft Azure

      news.movim.eu / Korben · Monday, 18 December, 2023 - 08:00 · 2 minutes

    Today, friends, I'd like to introduce you to a command-line tool that will be a big help if you work in the Microsoft Azure ecosystem.

    Depending on what you do with your Azure instances and services, the cost is not necessarily the same, and tracking all of that only through the website is not very practical. Fortunately, with the Azure Cost Cli tool, you can keep an eye on the spending tied to your resource usage, directly from your terminal.

    This software uses the Azure Cost Management API to retrieve costs and presents the results directly in the console or in JSON format, which you can then use in your own tools or scripts.

    Besides displaying accumulated costs, as you can see above, it can also show daily costs, extract resources by cost, and list budgets.

    It can even detect possible anomalies and trends in costs, which lets you automate the generated reports even further.

    To install it, simply open a terminal and run the following command (you will need dotnet):

    dotnet tool install --global azure-cost-cli

    Then you can start displaying the accumulated costs associated with a specific Azure subscription by passing it your ID:

    azure-cost accumulatedCost -s 12345678-1234-1234-1234-123456789012

    Generating a CSV report of costs per resource is just as simple:

    azure-cost costByResource -s 12345678-1234-1234-1234-123456789012 -o csv

    Now suppose you want to display the daily costs for January 2023, grouped by service name (ServiceName):

    azure-cost dailyCosts --dimension ServiceName --from 2023-01-01 --to 2023-01-31

    Handy, right? And if you want to run anomaly detection on the costs generated during a given period:

    azure-cost detectAnomalies -g myResourceGroup --timeframe Custom --from 2023-01-01 --to 2023-01-31

    I also discovered that this tool can be used in a GitHub Workflow to get the cost of our subscription and store the results as markdown. It's really great for getting a quick overview of the charges tied to our subscription.

    So, if you're interested in using it to track your Azure costs, the Azure Cost Cli project is available here on GitHub.


      The “Windows App” for Mac, iOS, and browsers is a fancy remote desktop, for now

      news.movim.eu / ArsTechnica · Thursday, 16 November, 2023 - 17:42 · 1 minute

    Windows app with apps and multiple desktops

    If you have a bunch of Windows systems, Microsoft now has an app for that. It's called "Windows App." Microsoft just has a certain way with naming things. (credit: Microsoft)

    It feels strange to say it, but it's true: There is an app called, simply, "Windows." It's available for early testing on Mac, iOS and iPad, the web, Windows, and eventually Android, and it's made by Microsoft. The fact that it exists, with such a strong and simple name, says something larger than the rather plain and starting-stage app it is now.

    "Windows App," as named by Microsoft in a rare bit of minimalism, is essentially a convenient remote desktop connection to a Windows OS on a physical system, an Azure virtual desktop, a Dev Box, or elsewhere. There are some other tricks you can pull off, too, like using your local device's webcam, speakers, and printer connections with your remote Windows system. But you can easily read a "Windows app" for multiple platforms, including web browsers generally, as being the next step in Microsoft's slow march toward making a virtual Windows OS something that seems convenient for everybody, whether on a business or personal account.

    At the moment, you need a work or school account with Microsoft to use most of the features beyond a traditional remote desktop connection. To use a remote desktop connection, the Windows instance you're connecting to must be running a Pro edition, as Home lacks the ability to host a remote desktop connection. There are, of course, many ways to connect to a remote PC from nearly any device, including RealVNC and others.


      Microsoft finally explains cause of Azure breach: An engineer’s account was hacked

      news.movim.eu / ArsTechnica · Wednesday, 6 September, 2023 - 21:11


    Microsoft said the corporate account of one of its engineers was hacked by a highly skilled threat actor that acquired a signing key used to hack dozens of Azure and Exchange accounts belonging to high-profile users.

    The disclosure solves two mysteries at the center of a disclosure Microsoft made in July. The company said that hackers tracked as Storm-0558 had been inside its corporate network for more than a month and had gained access to Azure and Exchange accounts, several of which were later identified as belonging to the US Departments of State and Commerce. Storm-0558 pulled off the feat by obtaining an expired Microsoft account consumer signing key and using it to forge tokens for Microsoft’s supposedly fortified Azure AD cloud service.

    The disclosure left two of the most important questions unanswered. Specifically, how was a credential as sensitive as the consumer signing key stolen from Microsoft’s network, and how could it sign tokens for Azure, which is built on an entirely different infrastructure?


      US senator blasts Microsoft for “negligent cybersecurity practices”

      news.movim.eu / ArsTechnica · Thursday, 27 July, 2023 - 20:29


    A US senator is calling on the Justice Department to hold Microsoft responsible for “negligent cybersecurity practices” that enabled Chinese espionage hackers to steal hundreds of thousands of emails from cloud customers, including officials in the US Departments of State and Commerce.

    “Holding Microsoft responsible for its negligence will require a whole-of-government effort,” Ron Wyden (D-Ore.) wrote in a letter. It was sent on Thursday to the heads of the Justice Department, Cybersecurity and Infrastructure Security Agency, and the Federal Trade Commission.

    Bending over backward

    Wyden’s remarks echo those of other critics who say Microsoft is withholding key details about a recent hack. In disclosures involving the incident so far, Microsoft has bent over backwards to avoid saying its infrastructure—including the Azure Active Directory, a supposedly fortified part of Microsoft’s cloud offerings that large organizations use to manage single sign-on and multifactor authentication—was breached. The critics have said that details Microsoft has disclosed so far lead to the inescapable conclusion that vulnerabilities in code for Azure AD and other cloud offerings were exploited to pull off the successful hack.


      OnlyFans, Microsoft: Anonymous Sudan hackers continue their wave of DDoS attacks

      news.movim.eu / Numerama · Thursday, 20 July, 2023 - 11:05

    The hacker group attacked OnlyFans and Azure, Microsoft's cloud service, during the evening of July 19. Both sites were inaccessible for several minutes.
