
CrowdStrike likely didn’t test update after global IT outage, experts say

Auterive, France, 19-07-2024. An error message with a blue screen appeared on the screen of a PC running Microsoft Windows 10 following a faulty update to the CrowdStrike company's cybersecurity software. This led to a global computer failure affecting numerous professional computers running Microsoft applications and software, impacting many international companies and affecting air and rail transport, hospitals and stock exchanges in many countries. Photograph by Sebastien Lapeyrere.

A blue screen error message appeared on the screen of a Microsoft Windows 10 PC following a faulty update to the CrowdStrike cybersecurity software.
Photo: Sébastien Lapeyrere / AFP

By Zeba Siddiqui, Reuters

Security experts said the routine update to CrowdStrike’s widely used cybersecurity software, which caused clients’ computer systems to crash globally on Friday, apparently did not undergo adequate quality checks before it was deployed.

The latest version of its Falcon Sensor software was intended to make CrowdStrike customers’ systems more secure against cyberattacks by updating the set of threats it defends against. However, faulty code in the update files led to one of the most widespread technology outages in recent years for companies using Microsoft’s Windows operating system.

Banks, airlines, hospitals and government offices around the world suffered outages. CrowdStrike published information to patch affected systems, but experts said getting them back up and running would take time as the faulty code needed to be manually removed.

“What it looks like is that potentially the verification or the sandbox that they do when they look at the code, maybe somehow this file wasn’t included or was leaked,” said Steve Cobb, chief security officer at Security Scorecard, which also had some systems affected by the issue.

The problems quickly came to light after the update was rolled out on Friday, with users posting images on social media of computers with blue screens displaying error messages. These screens are known in the industry as “blue screens of death.”

Patrick Wardle, a security researcher who specializes in studying threats against operating systems, said his analysis identified the code responsible for the outage.

The issue with the update was “in a file that contains configuration information or signatures,” he said. Such signatures are codes that detect specific types of malicious code, or malware.

“It’s very common for security products to update their signatures, like once a day… because they’re continually monitoring for new malware and because they want to make sure their customers are protected from the latest threats,” he said.

The frequency of updates “is probably why (CrowdStrike) didn’t test it as much,” he said.

It’s unclear how the flawed code made it into the update and why it wasn’t detected before it was released to customers.

“Ideally, this would have been deployed to a limited group of people first,” said John Hammond, principal security researcher at Huntress Labs. “It’s a safer strategy to avoid a disaster like this.”

Other security companies have had similar episodes in the past. McAfee’s antivirus update in 2010 caused failures and paralyzed hundreds of thousands of computers.

But the global impact of this outage reflects CrowdStrike’s dominance. More than half of Fortune 500 companies and many government agencies, including the US’s own top cybersecurity agency, the Cybersecurity and Infrastructure Security Agency, use the company’s software.

– Reuters