CrowdStrike’s routine update of its widely used cybersecurity software, which caused customers’ computer systems to crash globally on Friday, appeared not to have undergone adequate quality checks before being deployed, security experts said.
The latest version of its Falcon sensor software was intended to make CrowdStrike clients’ systems more secure against hacking by updating the set of threats the sensor detects. But faulty content in the update files resulted in one of the most widespread technical disruptions in recent years for companies using Microsoft’s Windows operating system.
Global banks, airlines, hospitals and government offices were disrupted. CrowdStrike released information on how to fix the affected systems, but experts said getting them back online would take time because the faulty file had to be removed manually from each affected machine.
“It appears that this file was possibly not included or missed by the testing or sandboxing that they do when they look at the code,” said Steve Cobb, chief security officer at Security Scorecard, some of whose own systems were also affected by the issue.
Problems emerged soon after the update was released on Friday, with users posting photos on social media of computers with blue screens displaying error messages. These are known in the industry as “blue screens of death.”
Patrick Wardle, a security researcher who specializes in studying threats against operating systems, said his analysis identified the code responsible for the disruption.
He said the problem with the update was “in a file that contained configuration information or signatures.” Such signatures are detection patterns the sensor uses to identify specific types of malicious code or malware.
“It’s very common that security products update their signatures once a day … because they’re constantly monitoring for new malware and because they want to make sure their customers are protected against the latest threats,” he said.
“The frequency of updates is probably the reason why (CrowdStrike) hasn’t tested it more,” he said.
It’s unclear how the faulty code made it into the update and why it wasn’t detected before it was released to customers.
“Ideally, this should have been restricted to a limited number of people in the first place,” said John Hammond, principal security researcher at Huntress Labs. “This is a safer way to avoid a major breach like this.”
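The two safeguards the experts describe above, validating an update in a sandbox before release and shipping it first to a limited cohort, can be combined into a single release gate. The following is an added illustration written for this page; it is not code from the article, from CrowdStrike or from Falcon, and the line-delimited signature format, its field names, the ring sizes and the host names are all invented for the example.

```python
import hashlib
import json
import re

# Constructed sample input: a hypothetical line-delimited signature file.
# The format and field names are invented for this example and are not
# CrowdStrike's channel-file format.
GOOD_SIGNATURE_FILE = "\n".join([
    json.dumps({"id": "sig-0001", "pattern": r"evil\.exe$", "severity": 5}),
    json.dumps({"id": "sig-0002", "pattern": r"^cmd\.exe /c powershell -enc", "severity": 4}),
])

# Same format, but line 2 carries a pattern that parses as JSON yet does not
# compile as a regex, and line 3 lacks a required field. A loader that only
# checks "is it JSON?" would accept this file and fail on the endpoint instead.
BAD_SIGNATURE_FILE = "\n".join([
    json.dumps({"id": "sig-0001", "pattern": r"evil\.exe$", "severity": 5}),
    json.dumps({"id": "sig-0003", "pattern": "[unterminated", "severity": 3}),
    json.dumps({"id": "sig-0004", "pattern": "harmless"}),
    "",
])

REQUIRED_FIELDS = {"id": str, "pattern": str, "severity": int}


def validate_signature_file(text):
    """Parse every record and return a list of problems (empty means OK).

    Each record must be valid JSON, carry every required field with the right
    type, and contain a pattern that actually compiles, so a record that would
    break the consumer at load time is rejected before it leaves the build.
    """
    problems = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError as exc:
            problems.append(f"line {lineno}: not valid JSON ({exc.msg})")
            continue
        for field, ftype in REQUIRED_FIELDS.items():
            if not isinstance(rec.get(field), ftype):
                problems.append(f"line {lineno}: missing or mistyped field {field!r}")
        if isinstance(rec.get("pattern"), str):
            try:
                re.compile(rec["pattern"])
            except re.error as exc:
                problems.append(f"line {lineno}: pattern does not compile ({exc})")
    return problems


def canary_cohort(hosts, ring, ring_sizes=(0.01, 0.10, 1.0), salt="rollout-v1"):
    """Deterministically select the hosts that receive a given rollout ring.

    A host's position in [0, 1) is derived from a hash of its name, so the
    same hosts land in ring 0 on every release and each later ring is a
    superset of the earlier ones. ring_sizes and the salt are illustrative.
    """
    cutoff = ring_sizes[ring]
    selected = []
    for host in hosts:
        digest = hashlib.sha256(f"{salt}:{host}".encode()).digest()
        position = int.from_bytes(digest[:8], "big") / 2 ** 64
        if position < cutoff:
            selected.append(host)
    return selected


def stage_release(text, hosts, ring):
    """Release gate: a file that fails validation ships to no cohort at all."""
    problems = validate_signature_file(text)
    if problems:
        return {"shipped_to": [], "problems": problems}
    return {"shipped_to": canary_cohort(hosts, ring), "problems": []}


if __name__ == "__main__":
    fleet = [f"host-{n:04d}" for n in range(1000)]  # constructed fleet
    print(stage_release(BAD_SIGNATURE_FILE, fleet, ring=0)["problems"])
    print(len(stage_release(GOOD_SIGNATURE_FILE, fleet, ring=0)["shipped_to"]),
          "hosts in ring 0")
```

The validator treats content the way a compiler treats code: it exercises the same parse and compile steps the endpoint will perform, so a record that is syntactically well-formed but semantically broken is caught at the gate. The hash-based cohort keeps ring membership stable across releases, which is what makes a canary meaningful: the hosts that saw the last update are the ones that see the next one first.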
Similar incidents have happened with other security companies in the past. In 2010, a buggy antivirus update from McAfee crashed hundreds of thousands of computers.
But the global impact of this outage shows CrowdStrike’s dominance. More than half of Fortune 500 companies and many government bodies such as the top US cybersecurity agency, the Cybersecurity and Infrastructure Security Agency, use the company’s software.
(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)
