CrowdStrike Releases Root Cause Analysis Of The Global Microsoft Outage

August 9, 2024


CrowdStrike has released an in-depth root cause analysis of the global Microsoft outage that recently impacted 8.5 million Windows machines. Initially, testing software was blamed for the issue, but the full analysis reveals a more nuanced problem.

The primary cause was identified as a mismatch between the expected input fields of CrowdStrike’s Falcon driver and those provided in a content update. In response, CrowdStrike has committed to enhancing its testing protocols and engaging two independent third-party software security vendors to review its sensor code and release procedures.

CrowdStrike's Root Cause Analysis Reveals Key Issue Behind Global Microsoft Outage

On July 19th, known as the infamous Blue Screen of Death (BSOD) Friday, approximately 8.5 million Windows systems globally experienced severe disruptions due to a problematic update for CrowdStrike's Falcon sensor product.

The U.S.-based cybersecurity firm released a preliminary report and remediation guide shortly after the incident, but a detailed 12-page analysis has since confirmed the root cause: an undetected issue with a single sensor.

CrowdStrike Identifies Critical Sensor Mismatch in Falcon Software Leading to Global Outage

CrowdStrike provides cybersecurity solutions, such as ransomware and malware protection, primarily for businesses and large organisations. The widespread outage was traced back to Falcon sensor software, which is designed to detect and mitigate threats.

Falcon is known as “endpoint detection and response” (EDR) software. Its job is to monitor what is happening on the computers on which it is installed, looking for signs of nefarious activity (such as malware).

CrowdStrike frequently updates its Falcon software to enhance its capabilities. On July 19th, a Rapid Response Content update was deployed to certain Windows hosts. The incident, referred to as the "Channel 291 Incident" in the root cause analysis, involved introducing a new feature to Falcon's sensors. These sensors are critical in identifying suspicious activities by evaluating various indicators.

However, the update contained a critical error: Falcon anticipated 20 input fields, but the update included 21. This "count mismatch" led to the global system failures.
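
As an added illustration (not code from CrowdStrike or from its root cause analysis), the C sketch below shows the kind of check that rejects a count mismatch before any content is evaluated: the update's declared field count and every field index it references are validated against what the consumer supplies. The structures, names and sample updates are hypothetical; only the 20-versus-21 figures come from the article.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SENSOR_FIELDS 20 /* inputs the installed consumer supplies (the article's figure) */

typedef struct { uint8_t field_index; uint8_t expected; } criterion; /* hypothetical */
typedef struct {
    uint8_t declared_fields;   /* field count the update was authored against */
    size_t n_criteria;
    const criterion *criteria;
} content_update;
typedef enum { UPDATE_OK, UPDATE_COUNT_MISMATCH, UPDATE_INDEX_OUT_OF_RANGE } verdict;

/* Check the update against the consumer's contract before any input is read. */
verdict validate_update(const content_update *u) {
    if (u->declared_fields != SENSOR_FIELDS)
        return UPDATE_COUNT_MISMATCH;
    for (size_t i = 0; i < u->n_criteria; i++)
        if (u->criteria[i].field_index >= SENSOR_FIELDS)
            return UPDATE_INDEX_OUT_OF_RANGE;
    return UPDATE_OK;
}

/* 1 = match, 0 = no match, -1 = update rejected (caller keeps last known-good). */
int evaluate(const content_update *u, const uint8_t input[SENSOR_FIELDS]) {
    if (validate_update(u) != UPDATE_OK)
        return -1;
    for (size_t i = 0; i < u->n_criteria; i++)
        if (input[u->criteria[i].field_index] != u->criteria[i].expected)
            return 0;
    return 1;
}

/* Constructed sample data. */
static const criterion in_range[] = { {0, 7}, {19, 1} };
static const criterion past_end[] = { {0, 7}, {20, 1} }; /* index 20 = a 21st field */
const content_update good_update   = { 20, 2, in_range };
const content_update bad_update    = { 21, 2, past_end };
const content_update sneaky_update = { 20, 2, past_end }; /* count lies, index does not */
const uint8_t sample_input[SENSOR_FIELDS] = { [0] = 7, [19] = 1 };

int main(void) {
    printf("good=%d bad=%d sneaky=%d\n", evaluate(&good_update, sample_input),
           evaluate(&bad_update, sample_input), evaluate(&sneaky_update, sample_input));
    return 0;
}
```

Checking each referenced index as well as the declared count matters because a header that claims 20 fields says nothing about what the criteria inside it actually touch.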

CrowdStrike Lawsuits Follow $25 Billion Market Loss After Falcon Sensor Failure

In Australia alone, the impact on businesses has been estimated at more than $1 billion. Globally the impact was widespread.

In the wake of the incident, CrowdStrike is facing legal action from its shareholders. The lawsuit alleges that the company made "false and misleading" statements about its software testing processes.

CrowdStrike's stock price plummeted by 32% in the 12 days following the incident, resulting in a $25 billion (£14.5 billion) loss in market value.

CrowdStrike has refuted these allegations and intends to defend itself vigorously against the proposed class action lawsuit.

Preventing Future Failures: CrowdStrike's New Testing Protocols After Global Outage

In response to the incident, CrowdStrike has pledged to improve its update testing procedures.

The company is now working with two independent third-party software security vendors to review its sensor code and release processes, aiming to prevent similar issues in the future.


Rebuilding Trust: CrowdStrike's Transparency Efforts After Global Disruption

It is clear that rebuilding trust is something that CrowdStrike has to focus on. Many people feel that this was not a mistake that should’ve happened, particularly if correct testing measures were taken.

Regardless, CrowdStrike is committed to remaining transparent and is continuing to keep the public updated on how they will prevent something like this from happening again.

Secure Your Business with Comprehensive Cybersecurity Solutions - Contact Us Today!

Concerned about data loss or the threat of similar outages to your business? Set up a comprehensive and reliable cybersecurity infrastructure to safeguard your data and systems. Contact us for a consultation today!
