tech360.tv

CrowdStrike Update Causes Global Outage Due to Skipped Checks

CrowdStrike's routine update of its cybersecurity software caused a global computer system crash. The faulty code in the update files led to widespread tech outages for Windows users. Restoring affected systems will require manual removal of the flawed code.


The latest version of CrowdStrike's Falcon sensor software was intended to enhance clients' system security against hacking by updating threat defences. However, faulty code within the update files led to one of the most significant tech outages in recent years for companies using Microsoft's Windows operating system.


The impact of the outage was felt across various sectors, including global banks, airlines, hospitals, and government offices. CrowdStrike promptly released information to rectify affected systems, but experts warn that restoring functionality will take time as it involves manually identifying and removing the flawed code.


Steve Cobb, Chief Security Officer at Security Scorecard, suggested that the problematic file may have bypassed the vetting or sandboxing processes typically employed to scrutinise code. "What it looks like is, potentially, the vetting or the sandboxing they do when they look at code, maybe somehow this file was not included in that or slipped through," Cobb explained.


Reports of the issue surfaced soon after the update was rolled out, with users sharing images of computers displaying blue screens and error messages, commonly referred to as "blue screens of death." Security researcher Patrick Wardle, who specialises in studying threats against operating systems, identified the specific code responsible for the outage. He stated that the problem originated from a file containing configuration information or signatures, which are used to detect specific types of malicious code or malware.


Wardle further noted that security products often update their signatures daily to ensure protection against the latest threats. He speculated that the frequency of updates might have contributed to the lack of extensive testing by CrowdStrike. The exact cause of the faulty code's inclusion in the update and its failure to be detected prior to release remains unclear.


John Hammond, Principal Security Researcher at Huntress Labs, suggested that a safer approach would have been to roll out the update to a limited pool of users first, thus minimising the potential for widespread disruption. Similar incidents have occurred in the past with other security companies, such as McAfee's buggy antivirus update in 2010, which affected hundreds of thousands of computers.


The global impact of this outage highlights CrowdStrike's dominance in the cybersecurity market. With over half of Fortune 500 companies and numerous government bodies, including the top U.S. cybersecurity agency, the Cybersecurity and Infrastructure Security Agency, relying on CrowdStrike's software, the incident underscores the critical importance of thorough quality checks and testing procedures.

 


Source: REUTERS
