Thursday, July 25, 2024
Days after a faulty update took down an estimated 8.5 million Windows computers, CrowdStrike, the cybersecurity firm that caused the crash, has shared more information about what happened.
In its initial post-incident review published Wednesday, CrowdStrike says a bug in its validation systems allowed some "problematic content data" to bypass existing checks. The data was in what CrowdStrike calls a "Rapid Response Content" update, which is stored in a binary file and therefore is not code or a kernel driver.
"Problematic content in Channel File 291 resulted in an out-of-bounds memory read triggering an exception. This unexpected exception could not be gracefully handled, resulting in a Windows operating system crash (BSOD)," the company explains.
The update that caused the massive Windows outage was tested back in March and deployed months later on July 19. Any company whose internet-connected Windows computers were running CrowdStrike sensor version 7.11 or newer when the update was pushed was impacted, CrowdStrike confirmed in the post.
Numerous businesses, government offices, and institutions were immediately debilitated by the faulty update. Airlines delayed or cancelled tens of thousands of flights worldwide, some credit card payments were unable to fully process, packages were delayed, and US Social Security and drivers' services offices were unable to help customers.
Atlanta-based Delta Air Lines is still facing substantial challenges in the wake of the CrowdStrike Windows crash, sparking a federal investigation. Rumors that Southwest Airlines' systems remained operational because it supposedly uses an ancient version of Windows are false and have not been confirmed by Southwest (Southwest and Alaska don't use CrowdStrike, ABC reports). Southwest declined to comment because its earnings call will occur on Thursday.
CrowdStrike says its faulty update was intended to help it collect data on "possible novel threat techniques" to prevent devastating cyberattacks. Ironically, it's now added this very update to its "known-bad list" to prevent future crashes.
By: DocMemory