But to do this, these programmes have to be given access to inspect the very core of the computers’ operating systems for security defects. This access gives them the ability to take disrupt the very systems they are trying to protect. And it is how Microsoft’s Windows systems came into play in Friday’s outage. 

Representatives of Austin, Texas-based CrowdStrike confirmed online reports that a glitchy update was responsible for disabling potentially millions of corporate and government Windows computers around the world and causing the dreaded “blue screen of death.”

The company pegged the incident to “a defect found in a single content update for Windows hosts,” in a statement on Friday and said the outage wasn’t down to a cyberattack or security breach. Anyone using a Mac or Linux machine isn’t impacted, the company said, adding that “a fix has been deployed.”

To add to the confusion, an apparently separate incident involving Microsoft’s Azure cloud services also caused disruption on Friday. In a status update, Microsoft said it had fixed the underlying issue but that users would still feel “residual impact.”

Shares of Crowdstrike were down about 12% in premarket trading on Friday. Microsoft shares fell 1.3%.

While cybersecurity professionals say CrowdStrike’s technology is a strong way to defend against ransomware, its cost — which in some cases can be more than $50 (R900) per machine — means that most organisations don’t install it on all of their computers. What that means, however, is that the computers that have the software installed on them are among the most important to protect, and if they go down, key services can fall with them. 

One outstanding question is whether CrowdStrike’s software fix can be rolled out automatically or manually.

“You’ll have men in white vans going around to try manually fix this problem even when they put out a fix,” said Alan Woodward, professor of cybersecurity at the University of Surrey, in an interview with Bloomberg News. “To use the laptops, they’ll have to manually intervene — that is a big job.”

There’s also the question of how the bad rollout happened to begin with.

“CrowdStrike is meant to keep these machines safe,” Woodward said. “This is the sort of thing ransomware would do, but imagine ransomware simultaneously hitting the biggest organisations in the world — container ports in the Baltics, hospitals, railway stations, they’ve all been hit at once because of this one little file.”

CrowdStrike’s customer base comprises large organisations that have a large number of remote machines to manage, he added. “The economic impact is going to be huge.”