Summarize

Simplifying... Inshort

A recent update from cybersecurity firm CrowdStrike caused a global IT outage due to a faulty code, raising questions about the quality checks performed before deployment.
The issue, which resulted in computers displaying Blue Screens of Death, was traced to a file containing configuration information or signatures.
Despite CrowdStrike releasing a fix, experts warn that restoration will take time, and the US Cybersecurity and Infrastructure Security Agency has issued a warning about potential exploitation of the incident by threat actors.

Was a long read? Making it simpler...

Next Article

The update disrupted operations at numerous institutions worldwide

Did CrowdStrike update causing global IT outage bypass quality checks?

By Akash Pandey

Jul 20, 2024

12:16 pm

What's the story

A routine update of cybersecurity software by CrowdStrike, led to a global IT outage on Friday, causing widespread disruption for companies using Microsoft's Windows. Experts claim that the update did not receive sufficient quality checks before deployment. A faulty code in the update files resulted in this extensive tech outage. The incident affected operations at global banks, hospitals, airlines, and government offices.

Quality concerns

Experts question quality checks of CrowdStrike update

Security experts have raised concerns about the quality checks performed on the update before its deployment. The latest version of CrowdStrike's Falcon Sensor software was intended to enhance security against hacking threats. However, a faulty code disrupted operations globally. Users reported problems soon after the update was rolled out on Friday, with computers displaying Blue Screens of Death (BSOD).

Restoration challenges

Faulty code identified, recommendations for future updates

Steve Cobb, Chief Security Officer at Security Scorecard, suggested that the file containing the faulty code might have been overlooked during the vetting or sandboxing process. John Hammond, Principal Security Researcher at Huntress Labs, recommended that such updates should be initially rolled out to a limited pool to avoid widespread issues.

Reason

How did the update miss on quality checks?

Acoording to security researcher Patrick Wardle, the update's problem was "in a file that contains either configuration information or signatures." These signatures are pieces of code designed to identify particular types of malicious software or malware. "It's very common that security products update their signatures, like once a day... because they're continually monitoring for new malware" he said. The frequency of updates "is probably the reason why (CrowdStrike) didn't test it as much," Wardle added.

Update strategy

Restoration requires time

Despite CrowdStrike releasing information to fix affected systems, experts warned that restoration would require time as it involved manually removing the flawed code. The exact reason why the faulty code was included in the firmware and why it wasn't detected before release remains unclear. This incident mirrors a similar situation in 2010 when a faulty antivirus update from McAfee stalled hundreds of thousands of computers.

Official statements

CrowdStrike CEO confirms defect, CISA issues warning

CrowdStrike CEO George Kurtz confirmed that a "defect" in a content update for Windows hosts caused the outage, ruling out a cyberattack. He stated that the firm was rolling out a fix and that Mac and Linux hosts were not affected. Meanwhile, the US Cybersecurity and Infrastructure Security Agency (CISA) warned of threat actors exploiting the incident for phishing and other malicious activities, despite no link to any suspicious activity.