Security experts said that the routine update CrowdStrike pushed to its widely used security software, which triggered a global system crash on Friday, likely did not go through sufficient quality assurance before release. The update to the Falcon sensor software was meant to improve protection against cyber threats; instead, a defect in it crashed Windows hosts at numerous companies running Microsoft's operating system, causing a major tech outage.
Banks, airlines, hospitals, and government offices around the world were disrupted. CrowdStrike published guidance for recovering affected systems, but experts noted that recovery would be slow, because the defective update has to be removed from each affected machine by hand.
Steve Cobb, Chief Security Officer at Security Scorecard, suggested that the update may have bypassed standard code vetting or sandboxing procedures, leading to its deployment without adequate checks.
The issues became apparent soon after the update was rolled out on Friday, with users sharing images on social media of computers displaying error messages on blue screens, commonly referred to as “blue screens of death.”
Patrick Wardle, a security researcher specializing in operating system threats, identified the problematic code, noting that it was contained in a file with configuration data or signatures used to detect specific types of malware.
“It’s quite common for security products to update their signatures daily,” he explained. “This is because they are constantly monitoring for new malware and ensuring their customers are protected from the latest threats.” That high update cadence may be why this particular update was not tested as thoroughly.
How the faulty content got into the update, and why it was not caught before release, remains unclear. John Hammond, Principal Security Researcher at Huntress Labs, said the update should first have been rolled out to a smaller group of machines, so that a defect would surface on a few hosts rather than across every customer at once.
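The two controls the researchers describe above, a validation gate on the content file before it ships and a staged (ring) rollout that halts when the first small group of hosts starts crashing, can be shown together in a short simulation. The following is an added example written for this article; it is not CrowdStrike's code and does not reproduce the Falcon sensor's real file format or update mechanism. The JSON signature format, the ring sizes, the 2% health threshold and the simulated fleet are all hypothetical.

```python
"""Staged (ring-based) rollout of a detection-content file with a pre-flight
validation gate. Added illustration only: the file format, ring sizes,
health threshold and simulated fleet are hypothetical."""
import json
import math
from dataclasses import dataclass

MAX_PATTERN_BYTES = 256  # hypothetical bound on a single detection pattern


def validate_content(raw: bytes) -> list[str]:
    """Pre-flight check run by the publisher before a content file ships.
    Returns a list of problems; an empty list means the file passed."""
    problems: list[str] = []
    try:
        doc = json.loads(raw)
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        return [f"not valid JSON: {exc}"]
    if not isinstance(doc, dict):
        return ["top level is not an object"]
    sigs = doc.get("signatures")
    if not isinstance(sigs, list) or not sigs:
        return ["missing or empty 'signatures' list"]
    for i, sig in enumerate(sigs):
        if not isinstance(sig, dict) or not isinstance(sig.get("id"), str):
            problems.append(f"signature {i}: not an object with a string 'id'")
            continue
        pattern = sig.get("pattern")
        if not isinstance(pattern, str):
            problems.append(f"signature {sig['id']}: 'pattern' is not a string")
            continue
        try:
            blob = bytes.fromhex(pattern)
        except ValueError:
            problems.append(f"signature {sig['id']}: 'pattern' is not hex")
            continue
        if not 0 < len(blob) <= MAX_PATTERN_BYTES:
            problems.append(f"signature {sig['id']}: pattern length {len(blob)} out of range")
    return problems


def naive_load(raw: bytes) -> dict[str, bytes]:
    """Stand-in for a loader that trusts its input: any malformed entry raises,
    which the simulation below treats as the host crashing on load."""
    doc = json.loads(raw)
    return {sig["id"]: bytes.fromhex(sig["pattern"]) for sig in doc["signatures"]}


@dataclass
class Host:
    name: str
    healthy: bool = True

    def apply(self, raw: bytes) -> bool:
        """Load the content file; False means this host crashed."""
        try:
            naive_load(raw)
        except Exception:
            self.healthy = False
        return self.healthy


def make_fleet(n: int) -> list[Host]:
    """Constructed sample fleet of n hypothetical hosts."""
    return [Host(f"host-{i}") for i in range(n)]


def rollout(fleet: list[Host], raw: bytes, rings=(0.01, 0.10, 1.0),
            max_unhealthy: float = 0.02, precheck: bool = True) -> dict:
    """Push `raw` to cumulative fractions of the fleet (1%, 10%, 100%) and
    stop at the first ring whose crash rate exceeds `max_unhealthy`."""
    if precheck:
        problems = validate_content(raw)
        if problems:
            return {"status": "rejected", "problems": problems, "hosts_affected": 0}
    done = crashed = 0
    for ring, frac in enumerate(rings):
        target = math.ceil(len(fleet) * frac)
        batch = fleet[done:target]
        ring_crashes = sum(0 if h.apply(raw) else 1 for h in batch)
        crashed += ring_crashes
        done = target
        if batch and ring_crashes / len(batch) > max_unhealthy:
            return {"status": "halted", "ring": ring,
                    "hosts_affected": crashed, "hosts_touched": done}
    return {"status": "complete", "hosts_affected": crashed, "hosts_touched": done}


# Constructed sample content files: one well-formed, one with a malformed entry.
GOOD = json.dumps({"version": 1, "signatures": [
    {"id": "sig-1", "pattern": "deadbeef"}]}).encode()
BAD = json.dumps({"version": 2, "signatures": [
    {"id": "sig-1", "pattern": "deadbeef"},
    {"id": "sig-2", "pattern": None}]}).encode()

if __name__ == "__main__":
    print("no gate, rings:", rollout(make_fleet(1000), BAD, precheck=False))
    print("with gate:     ", rollout(make_fleet(1000), BAD))
    print("good file:     ", rollout(make_fleet(1000), GOOD))
```

With the bad file and no validation gate, the canary ring absorbs the damage and the push halts after 10 of 1,000 hosts; with the gate, no host is touched at all. One caveat the simulation glosses over: a machine that crashes during boot may never report back, so a real ring check must treat "no health report within the window" as a failure rather than waiting for an explicit crash signal.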
Other security vendors have shipped damaging updates before; McAfee's faulty antivirus update in 2010, for example, affected hundreds of thousands of computers. The global scale of this outage, however, reflects CrowdStrike's reach: its software is used by more than half of the Fortune 500 and by numerous government agencies, including the Cybersecurity and Infrastructure Security Agency (CISA).