Microsoft Corp. has revealed that an estimated 8.5 million computers running Windows were affected by a CrowdStrike Holdings Inc. update that caused widespread global outages on Friday, as both companies continue to assist affected customers.

The disruption caused by an update to CrowdStrike’s Falcon security software spread globally throughout Friday, taking banks, airlines, government services and more offline, complete with a Windows “blue screen of death.” Though the flaw did not turn out to be a cybersecurity breach, rather seeming incompetence, the ramifications — including ongoing delays and issues with systems — continued through Sunday and could extend further into the week.

In a blog post on Saturday, Microsoft said that though it was “not a Microsoft incident,” it was helping its customers recover with technical guidance and support to safely bring disrupted systems back online. Along with working with CrowdStrike, Microsoft has deployed hundreds of engineers and experts to work directly with customers.

Additionally, Microsoft said, it’s working with other cloud providers and stakeholders, including Google Cloud Platform and Amazon Web Services Inc., to share awareness on the state of the impact all are seeing across the industry and to “inform ongoing conversations with CrowdStrike and customers.”

“We’re working around the clock and providing ongoing updates and support,” David Weston, vice president of enterprise and OS security at Microsoft, said in the blog post. “Additionally, CrowdStrike has helped us develop a scalable solution that will help Microsoft’s Azure infrastructure accelerate a fix for CrowdStrike’s faulty update.”

In terms of the PCs affected, Weston noted that though software updates occasionally cause disturbances, significant incidents such as the CrowdStrike outage are “infrequent.” He also said that though fewer than 1% of all Windows machines were affected, the broad economic and societal impact stems from CrowdStrike being used in many critical services.

“This incident demonstrates the interconnected nature of our broad ecosystem — global cloud providers, software platforms, security vendors and other software vendors, and customers,” Weston added. “It’s also a reminder of how important it is for all of us across the tech ecosystem to prioritize operating with safe deployment and disaster recovery using the mechanisms that exist.”

The chaos caused by the CrowdStrike update was also a theme covered by theCUBE analyst Dave Vellante, who wrote on Saturday that the outage underscores the fragility of our connected world and the critical infrastructure that makes it run.

Though there’s no question that CrowdStrike’s update caused the outage, questions are being raised about whether some of the blame should be directed toward Microsoft.

“This incident is Microsoft’s fault, not CrowdStrike’s fault,”  J.J. Guy, chief executive officer of exposure management company Sevco Security Inc., told SiliconANGLE. “Yes, CrowdStrike pushed a kernel-level update that causes widespread blue screens. Yes, that should have been caught during QA and I’m sure we will get an after-action report that details why release procedures didn’t catch it. But software bugs happen. They are unavoidable — even for top-tier shops like CrowdStrike.

“This is a high-impact incident not because there was a blue screen, but because it causes repeated blue screens on reboot and [appears as of now] to require manual, command-line intervention on each box to remediate, and it’s even harder if BitLocker is enabled,” Guy added. “That is the result of poor resiliency in the Microsoft Windows operating system. Any software causing repeated failures on boot should not be automatically reloaded. We’ve got to stop crucifying CrowdStrike for one bug, when it is the OS’ behavior that is causing the repeated, systemic failures.”

Image: SiliconANGLE/Ideogram