financetom
Technology
financetom
/
Technology
/
CrowdStrike update that caused global outage likely skipped checks, experts say
News World Market Environment Technology Personal Finance Politics Retail Business Economy Cryptocurrency Forex Stocks Market Commodities
CrowdStrike update that caused global outage likely skipped checks, experts say
Jul 22, 2024 3:00 PM

SAN FRANCISCO (Reuters) - Security experts said CrowdStrike's routine update of its widely used cybersecurity software, which caused clients' computer systems to crash globally on Friday, apparently did not undergo adequate quality checks before it was deployed.

The latest version of its Falcon sensor software was meant to make CrowdStrike clients' systems more secure against hacking by updating the threats it defends against. But faulty code in the update files resulted in one of the most widespread tech outages in recent years for companies using Microsoft's Windows operating system.

Global banks, airlines, hospitals and government offices were disrupted. CrowdStrike released information to fix affected systems, but experts said getting them back online would take time as it required manually weeding out the flawed code. 

"What it looks like is, potentially, the vetting or the sandboxing they do when they look at code, maybe somehow this file was not included in that or slipped through," said Steve Cobb, chief security officer at Security Scorecard, which also had some systems impacted by the issue.

Problems came to light quickly after the update was rolled out on Friday, and users posted pictures on social media of computers with blue screens displaying error messages. These are known in the industry as "blue screens of death."

Patrick Wardle, a security researcher who specialises in studying threats against operating systems, said his analysis identified the code responsible for the outage.

The update's problem was "in a file that contains either configuration information or signatures," he said. Such signatures are code that detects specific types of malicious code or malware. 

"It's very common that security products update their signatures, like once a day... because they're continually monitoring for new malware and because they want to make sure that their customers are protected from the latest threats," he said. 

The frequency of updates "is probably the reason why (CrowdStrike) didn't test it as much," he said. 

It's unclear how that faulty code got into the update and why it wasn't detected before being released to customers. 

"Ideally, this would have been rolled out to a limited pool first," said John Hammond, principal security researcher at Huntress Labs. "That is a safer approach to avoid a big mess like this."

Other security companies have had similar episodes in the past. McAfee's buggy antivirus update in 2010 stalled hundreds of thousands of computers. 

But the global impact of this outage reflects CrowdStrike's dominance. Over half of Fortune 500 companies and many government bodies such as the top U.S. cybersecurity agency itself, the Cybersecurity and Infrastructure Security Agency, use the company's software. 

(This story has been refiled to add a missing word in paragraph 2)

Comments
Welcome to financetom comments! Please keep conversations courteous and on-topic. To fosterproductive and respectful conversations, you may see comments from our Community Managers.
Sign up to post
Sort by
Show More Comments
Related Articles >
Italy's FiberCop eyes some 12 bln euro investments in new plan
Italy's FiberCop eyes some 12 bln euro investments in new plan
Oct 17, 2024
CERNOBBIO, Italy, Oct 15 (Reuters) - FiberCop, the wholesale-only telecoms network operator controlled by KKR plans to earmark investments of 12 billion euros ($13.09 billion) in its upcoming five-year business plan, Chief Executive Luigi Ferraris said on Tuesday. We are a working on a five-year plan including investments of about 12 billion euros, Ferraris said on the sidelines of an...
What 16 Analyst Ratings Have To Say About Five9
What 16 Analyst Ratings Have To Say About Five9
Oct 17, 2024
Five9 ( FIVN ) has been analyzed by 16 analysts in the last three months, revealing a diverse range of perspectives from bullish to bearish. The table below provides a snapshot of their recent ratings, showcasing how sentiments have evolved over the past 30 days and comparing them to the preceding months. Bullish Somewhat Bullish Indifferent Somewhat Bearish Bearish Total...
Beyond The Numbers: 5 Analysts Discuss TechTarget Stock
Beyond The Numbers: 5 Analysts Discuss TechTarget Stock
Oct 17, 2024
In the preceding three months, 5 analysts have released ratings for TechTarget ( TTGT ) , presenting a wide array of perspectives from bullish to bearish. The table below provides a snapshot of their recent ratings, showcasing how sentiments have evolved over the past 30 days and comparing them to the preceding months. Bullish Somewhat Bullish Indifferent Somewhat Bearish Bearish...
Analyst Expectations For Cadence Design Sys's Future
Analyst Expectations For Cadence Design Sys's Future
Oct 17, 2024
In the latest quarter, 7 analysts provided ratings for Cadence Design Sys , showcasing a mix of bullish and bearish perspectives. The table below provides a snapshot of their recent ratings, showcasing how sentiments have evolved over the past 30 days and comparing them to the preceding months. Bullish Somewhat Bullish Indifferent Somewhat Bearish Bearish Total Ratings 2 2 2...
Copyright 2023-2026 - www.financetom.com All Rights Reserved