CrowdStrike, the cybersecurity company behind Friday’s massive global tech outage, posted a detailed description Wednesday of the incident — including what went wrong, and why.
In a preliminary review, the Austin, Texas-based firm said the issue lay in its test software, which allowed an update to be approved despite containing “problematic content data.” In other words, it was a bug.
CrowdStrike delivers its security content configuration updates to sensors in two ways: Sensor Content that is shipped directly, and Rapid Response Content. The issue was with the latter. This content is delivered as “Template Instances,” which map to specific behaviors for the sensor to observe, detect, or prevent, the company said.
A bug in its content validator system caused one of two Template Instances sent on Friday to pass validation despite containing this problematic data.
Once the update was received and loaded, the defective content in the file resulted in an output that “could not be gracefully handled,” causing Microsoft Windows operating systems to crash — what’s known as the “blue screen of death.”
All devices running Microsoft Windows that rely on CrowdStrike’s flagship Falcon Sensor software, which is designed to protect against malware and other cybersecurity threats, went offline. Despite not having been a household name prior to the incident, the company is widely used by Fortune 500 companies and others. That’s why the outage impacted multiple industries, grounding flights and causing problems at banks and hospitals.
Companies are still grappling with the effects of what has become known as the largest IT outage in history, with thousands of flights delayed and CrowdStrike itself working to mitigate the reputational fallout.
CrowdStrike said it’s working on ways to prevent something like this from happening again, including using different kinds of testing, additional validation checks, improved monitoring, and giving customers more control over the delivery of Rapid Response Content updates.