Panoramic view of Dusseldorf Airport, Dusseldorf, Germany, on July 19, 2024. Passengers gathered and waited due to a global communication outage caused by CrowdStrike (which provides network security services to the American technology company Microsoft).
Hesham El Sharif | Anadolu | Getty Images
Security experts say a routine update to CrowdStrike’s widely used cybersecurity software, which apparently did not undergo adequate quality checks before being deployed, caused customers’ computer systems to crash globally on Friday.
The latest version of the Falcon Sensor software is designed to make CrowdStrike customers’ systems more secure against hacker attacks by updating the threats it defends against. But faulty code in an update file led to one of the most widespread technology outages in recent years for companies running Microsoft’s Windows operating system.
Banks, airlines, hospitals and government offices around the world have been disrupted. CrowdStrike has posted instructions for fixing affected systems, but experts say getting them back online will take time because the flawed file must be removed manually from each machine.
“It looks like maybe it’s a review or a sandbox operation they were doing when they were looking at the code, and maybe somehow this file wasn’t included or slipped through the cracks,” said Steve Cobb, chief security officer at Security Scorecard, some of whose own systems were also affected by the issue.
The problem came to light quickly after the update was rolled out on Friday, with users posting images on social media of blue screens displaying error messages on their computers. These are known in the industry as “blue screens of death.”
Security researcher Patrick Wardle, who specializes in operating system threats, said his analysis identified the code that caused the outage.
He said the problem with the update was “in files containing configuration information or signatures.” Such signatures are code that detects specific types of malicious code or malware.
“It’s common for security products to update their signatures, for example once a day… because they are constantly monitoring for new malware and because they want to ensure their customers are protected against the latest threats,” he said.
The frequency of updates “may be why (CrowdStrike) didn’t test it much,” he said.
It’s unclear how the faulty code got into the update and why it wasn’t detected before being released to customers.
“Ideally this should be rolled out to a limited pool first,” said John Hammond, principal security researcher at Huntress Labs. “It’s a safer way to avoid a big mess like this.”
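The staged rollout Hammond describes can be expressed as a simple gate: push the update to a small canary ring first, measure host health, and refuse to continue to the wider fleet if the crash rate exceeds a threshold. The following is an added illustration written for this article, not CrowdStrike’s or any vendor’s deployment code; the ring sizes, hostnames, update identifiers and the simulated fleet are all constructed assumptions, and the health check stands in for whatever boot or heartbeat telemetry a real deployment system would consult.

```python
"""Ring-based (staged) rollout gate for content updates.

Constructed example: the fleet, the hosts and the update identifiers are
simulated. The gate deploys ring by ring and halts as soon as a ring's
crash rate exceeds a threshold, so a faulty file never reaches the broad ring.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class Ring:
    name: str
    hosts: List[str]


@dataclass
class RolloutResult:
    update_id: str
    deployed: List[str] = field(default_factory=list)  # hosts that received the update
    halted_at: Optional[str] = None                     # ring name where the gate tripped
    reason: Optional[str] = None


def staged_rollout(update_id: str,
                   rings: List[Ring],
                   deploy: Callable[[str, str], None],
                   healthy: Callable[[str], bool],
                   max_crash_rate: float = 0.01) -> RolloutResult:
    """Deploy `update_id` to each ring in order, checking health after each ring.

    Returns a RolloutResult; `halted_at` is None if every ring passed.
    """
    result = RolloutResult(update_id)
    for ring in rings:
        for host in ring.hosts:
            deploy(host, update_id)
            result.deployed.append(host)
        crashed = [h for h in ring.hosts if not healthy(h)]
        rate = len(crashed) / len(ring.hosts)
        if rate > max_crash_rate:
            result.halted_at = ring.name
            result.reason = (f"{len(crashed)}/{len(ring.hosts)} hosts unhealthy "
                             f"after {update_id} (threshold {max_crash_rate:.0%})")
            return result  # stop here: later rings never receive the file
    return result


class SimulatedFleet:
    """Constructed stand-in for real hosts: any host that installs an update
    listed in `bad_updates` is treated as failing to boot."""

    def __init__(self, bad_updates=()):
        self.bad_updates = set(bad_updates)
        self.installed = {}

    def deploy(self, host: str, update_id: str) -> None:
        self.installed[host] = update_id

    def healthy(self, host: str) -> bool:
        return self.installed.get(host) not in self.bad_updates


# Assumed ring layout: 5 canaries, 50 early adopters, 500 broad-fleet hosts.
RINGS = [
    Ring("canary", [f"canary-{i}" for i in range(5)]),
    Ring("early", [f"early-{i}" for i in range(50)]),
    Ring("broad", [f"prod-{i}" for i in range(500)]),
]


def run(update_id: str, bad_updates=()) -> RolloutResult:
    """Run one staged rollout against a fresh simulated fleet."""
    fleet = SimulatedFleet(bad_updates)
    return staged_rollout(update_id, RINGS, fleet.deploy, fleet.healthy)


if __name__ == "__main__":
    good = run("content-good")
    print(f"{good.update_id}: deployed to {len(good.deployed)} hosts, halted_at={good.halted_at}")
    bad = run("content-bad", bad_updates=["content-bad"])
    print(f"{bad.update_id}: deployed to {len(bad.deployed)} hosts, halted_at={bad.halted_at}, "
          f"reason={bad.reason}")
```

With these constructed rings, a clean update reaches all 555 hosts, while a file that crashes every host it lands on is stopped after the 5-host canary ring; the 550 hosts in the later rings never receive it. The threshold and ring sizes are the tunable part: a 1% crash-rate limit on a five-host canary trips on a single crash, which is the intended behaviour for a kernel-level agent where one unbootable machine is already a signal.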
Similar incidents have occurred with other security companies in the past. McAfee’s buggy 2010 antivirus update crippled hundreds of thousands of computers.
But the global impact of the outage reflects CrowdStrike’s dominance. The company’s software is used by more than half of the Fortune 500 companies and many government agencies, such as the Cybersecurity and Infrastructure Security Agency, the top U.S. cybersecurity agency.