CrowdStrike Reports Bug in Quality Control Process Led to Botched Update
A CrowdStrike software update that crashed computers globally last week, affecting sectors such as aviation, banking, and healthcare, was caused by a bug in the U.S. cybersecurity firm’s quality control mechanism, the company announced on Wednesday.
Friday’s outage occurred because CrowdStrike’s Falcon Sensor, an advanced platform designed to protect systems from malicious software and hackers, had a fault that caused computers running Microsoft’s Windows operating system to crash and display the “Blue Screen of Death”.
“Due to a bug in the Content Validator, one of the two Template Instances passed validation despite containing problematic content data,” CrowdStrike said in a statement, referring to the failure of an internal quality control mechanism that allowed the problematic data to slip through the company’s own safety checks.
CrowdStrike did not specify what the content data was or why it was problematic. A “Template Instance” is a set of instructions that directs the software on which threats to identify and how to respond. To prevent future issues, CrowdStrike mentioned that it has incorporated a “new check” into its quality control process.
The full extent of the damage from the faulty update is still being evaluated. On Saturday, Microsoft reported that approximately 8.5 million Windows devices were affected. Additionally, the U.S. House of Representatives Homeland Security Committee has sent a letter to CrowdStrike CEO George Kurtz, requesting his testimony.
CrowdStrike provided directions to repair affected systems last week, though experts indicated that restoring them would be time-consuming as it involved manually removing the flawed code.
Wednesday’s statement concurred with a prevalent view among cybersecurity experts that a significant error had occurred within CrowdStrike’s quality control process.
Read More: