CrowdStrike update that caused global outage likely skipped checks

AFP / Miguel Rodriguez Carillo

CrowdStrike's routine update of its widely used cybersecurity software, which caused clients' computer systems to crash globally on Friday, apparently did not undergo quality checks before deployment.

The latest version of CrowdStrike's Falcon Sensor software was meant to secure clients' systems against hacking by updating the threats it defends against. However, faulty code in the update files resulted in one of the most widespread tech outages for companies using Microsoft's Windows operating system in recent years.

Global banks, airlines, hospitals and government offices were disrupted. CrowdStrike released information to fix affected systems, but experts said getting them back online would take time as it required manually weeding out the flawed code.

"What it looks like is, potentially, the vetting or the sandboxing they do when they look at code, maybe somehow this file was not included in that or slipped through," said Steve Cobb, chief security officer at Security Scorecard, which also had some systems impacted by the issue.

Problems emerged quickly after the update was rolled out on Friday, and users posted pictures on social media of computers with blue screens displaying error messages. These are known in the industry as "blue screens of death."

Patrick Wardle, a security researcher specialising in studying threats against operating systems, said his analysis identified the code responsible for the outage.

He said the update's problem was "in a file that contains either configuration information or signatures." Signatures are code that detects specific types of malicious code or malware.

"It's very common that security products update their signatures, like once a day... because they're continually monitoring for new malware and because they want to make sure that their customers are protected from the latest threats," he said.

The frequency of updates "is probably the reason why (CrowdStrike) didn't test it as much," he said.

It's unclear how that faulty code got into the update and why it wasn't detected before being released to customers.

"Ideally, this would have been rolled out to a limited pool first," said John Hammond, principal security researcher at Huntress Labs. "That is a safer approach to avoid a big mess like this."

Other security companies have had similar episodes in the past. McAfee's buggy antivirus update in 2010 stalled hundreds of thousands of computers.

However, the global impact of this outage reflects CrowdStrike's dominance. Over half of Fortune 500 companies and many government bodies, such as the top US cybersecurity agency and the Cybersecurity and Infrastructure Security Agency, use the company's software.

More from Business

  • Apple launches iPhone 16 with new AI features

    Apple unveiled its long-awaited, artificial intelligence-boosted iPhone 16 and promised improvements in its Siri personal assistant as it rolled out new software, beginning in test mode next month.

  • UAE-India Business Forum to be held in Mumbai

    The UAE-India Business Forum begins in Mumbai on Tuesday, September 10, aiming to explore new trade, investment and partnership opportunities between the two nations.

  • UAE's GDP hits AED 430 billion in Q1 2024

    The UAE's GDP reached AED 430 billion in Q1 2024, recording a growth of 3.4 per cent compared to the same period in 2023, while the non-oil GDP grew by four per cent compared to the same period last year.

  • UAE, Egypt strengthen ties in key sectors

    Abdullah bin Touq Al Marri, Minister of Economy, has held talks with Lieutenant General Kamel El Wazir, Deputy Prime Minister for Industrial Development, Minister of Industry and Transport of Egypt

  • Boeing Starliner departs ISS without its astronaut crew

    Boeing's Starliner spacecraft landed uncrewed in a New Mexico desert late on Friday, capping a three-month test mission hobbled by technical issues that forced the astronauts it had flown to the International Space Station to remain there until next year.