The CrowdStrike update that caused the global service outage likely skipped quality checks, experts said, Reuters reported.
Author: Zeba Siddiqui
SAN FRANCISCO (Reuters) – Security experts said CrowdStrike’s routine update of its widely used cybersecurity software caused customer computer systems to crash worldwide on Friday, suggesting the update did not undergo proper quality checks before being distributed.
The latest version of the Falcon sensor software was intended to update the threat defenses that CrowdStrike clients use to make their systems more secure from hacking. But faulty code in the update file caused one of the most widespread technology outages in recent years for companies that use Microsoft’s Windows operating system.
Global banks, airlines, hospitals, and government agencies were shut down. CrowdStrike has released information on how to fix the affected systems, but experts say it will take time to get the systems back online because the flawed code will have to be manually removed.
“It’s possible that this file was not included or was missed through the vetting or sandboxing they do when they look at the code,” said Steve Cobb, chief security officer at SecurityScorecard, which says the issue affected some of its systems.
The issue quickly surfaced after the update was released on Friday, with users posting photos on social media of their computers showing blue screens displaying error messages — what’s known in the industry as the “blue screen of death.”
Patrick Wardle, a security researcher who specializes in threats to operating systems, said his analysis led him to identify the code responsible for the outage.
He said the problem with the update was “in a file that contained configuration information or signatures.” These signatures are code that detects specific types of malicious code or malware.
“It’s very common for security products to update their signatures once a day or so, as they are constantly monitoring for new malware and want to protect their customers from the latest threats,” he said.
“The frequency of updates may be why (CrowdStrike) hasn’t tested it as much,” he said.
It’s unclear how the flawed code ended up in the update, or why it wasn’t detected before it was released to customers.
“Ideally, this would have been released to a limited pool first,” said John Hammond, senior security researcher at Huntress Labs. “This is a safer approach to avoiding this kind of chaos.”
Other security companies have had similar incidents in the past, including McAfee’s buggy antivirus update in 2010 that caused hundreds of thousands of computers to crash.
But the global impact of the outage reflects CrowdStrike’s dominance: More than half of the Fortune 500 companies and many government agencies, including the Cybersecurity and Infrastructure Security Agency, the nation’s top cybersecurity agency, use the company’s software.
(This story has been rewritten to add a missing word in the second paragraph)