CrowdStrike, the cybersecurity firm at the center of a major global computer outage last week, has revealed that the incident was caused by a defect in its test software. In a detailed incident report released on Wednesday, the company explained that a flaw in its content validation process led to a problematic update being deployed to millions of Windows computers.
The company’s Falcon software, which is widely used by businesses to identify and manage malware and security breaches, experienced a severe disruption due to this glitch. According to CrowdStrike, the bug in the content validator allowed an update containing faulty data to pass through validation checks. Updates of this type are rolled out frequently, and this one triggered the widespread outage.
CrowdStrike acknowledged that approximately 8.5 million devices were affected by the issue. Users across various industries encountered “blue screens of death” that rendered their systems inoperable and hindered rebooting. The airline sector was particularly impacted, with US carrier Delta Air Lines experiencing significant disruptions.
To address the issue, CrowdStrike announced that future updates of this nature will be rolled out gradually. This phased approach is intended to detect and mitigate potential problems before they affect a large number of customers. Dave DeWalt, former CEO of cybersecurity firm McAfee, criticized the previous approach, stating, “A full-blown rollout from a security vendor to every customer within minutes is very dangerous.”
The company also warned its customers about the risk of malicious actors attempting to exploit the situation created by the outage. As businesses and industries grapple with the fallout, CrowdStrike’s CEO, George Kurtz, has been called to testify before the US Congress to provide further details and explanations about the incident.