CrowdStrike Explains What Led to Last Week’s Global Tech Outage

CrowdStrike, the American cybersecurity technology company now infamous for causing last week’s global tech outage that delayed flights and disrupted services around the world, has published an update on its website. The update explains what caused all of those Windows blue screens and what the company will be doing going forward (e.g., stability testing, additional validation checks) to prevent such an incident from happening again. The company, which describes itself as the world’s most advanced cloud-native platform that protects and enables the people, processes, and technologies that drive modern enterprise, was previously in the news for uncovering evidence that implicated North Korea in the Sony Pictures hack of 2014.

CrowdStrike writes:

  • “On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques.”
  • “These updates are a regular part of the dynamic protection mechanisms of the Falcon platform. The problematic Rapid Response Content configuration update resulted in a Windows system crash.”
  • “CrowdStrike delivers security content configuration updates to our sensors in two ways: Sensor Content that is shipped with our sensor directly, and Rapid Response Content that is designed to respond to the changing threat landscape at operational speed.”
  • “The issue on Friday involved a Rapid Response Content update with an undetected error.”

An apology from the CEO:

I want to sincerely apologize directly to all of you for the outage. All of CrowdStrike understands the gravity and impact of the situation. We quickly identified the issue and deployed a fix, allowing us to focus diligently on restoring customer systems as our highest priority.

The outage was caused by a defect found in a Falcon content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack.

We are working closely with impacted customers and partners to ensure that all systems are restored, so you can deliver the services your customers rely on.

Tsing Mui
News poster at The FPS Review.