CrowdStrike is blaming a bug in an update that allowed its cybersecurity systems to push bad data out to millions of customer computers, setting off last week’s global tech outage that grounded flights, took TV broadcasts off air and disrupted banks, hospitals and retailers. CrowdStrike also outlined measures it will take to prevent the problem from recurring, including staggering the rollout of updates, giving customers more control over when and where they occur, and providing more details about the updates that it plans. The company on Wednesday posted details online from its “preliminary post incident review ” of the outage, which caused chaos for the many businesses that pay for the cybersecurity firm’s software services.
Quick Read
Here is the bullet-point version of the AP story:
- CrowdStrike blames a bug in an update for pushing bad data to millions of customer computers, causing a global tech outage.
- The outage grounded flights, disrupted TV broadcasts, banks, hospitals, and retailers.
- CrowdStrike plans to prevent future issues by staggering update rollouts, giving customers more control, and providing more details about updates.
- The company’s “preliminary post incident review” revealed an “undetected error” in a content-configuration update for its Falcon platform affecting Windows machines.
- The bug allowed “problematic content data” to be deployed, causing Windows operating system crashes.
- CrowdStrike is enhancing internal testing and implementing new checks to prevent similar incidents.
- A “significant number” of the 8.5 million affected computers are back in operation.
- CrowdStrike will release a full analysis once the investigation is complete.
- The outage drew regulatory attention, highlighting dependence on key computing service providers.
- CrowdStrike sent $10 Uber Eats gift cards to teammates and partners but not customers, causing online attention.
- Uber flagged the gift card offering as fraud due to high usage rates, and details on the number of cards distributed were not immediately provided.
The Associated Press has the story:
CrowdStrike blames bug for letting bad data slip through, leading to global tech outage
Newslooks- NEW YORK (AP) —
CrowdStrike is blaming a bug in an update that allowed its cybersecurity systems to push bad data out to millions of customer computers, setting off last week’s global tech outage that grounded flights, took TV broadcasts off air and disrupted banks, hospitals and retailers.
CrowdStrike also outlined measures it will take to prevent the problem from recurring, including staggering the rollout of updates, giving customers more control over when and where they occur, and providing more details about the updates that it plans. The company on Wednesday posted details online from its “preliminary post incident review ” of the outage, which caused chaos for the many businesses that pay for the cybersecurity firm’s software services.
The problem involved an “undetected error” in the content-configuration update for its Falcon platform affecting Windows machines, the Texas-based company said. A bug in the content-validation system allowed “problematic content data” to be deployed to CrowdStrike’s customers. That triggered an “unexpected exception” that caused a Windows operating system crash, the company said.
As part of the new prevention measures, CrowdStrike said it’s also beefing up internal testing as well as putting in place “a new check” to stop “this type of problematic content” from being deployed again. CrowdStrike has said a “significant number” of the approximately 8.5 million computers that crashed on Friday are back in operation as customers and regulators await a more detailed explanation of what went wrong.
Once its investigation is complete, CrowdStrike said it will publicly release its full analysis of the meltdown. The outage caused days of widespread technological havoc, highlighted how much of the world depends on a few key providers of computing services and drawn the attention of regulators who want more details on what went wrong. Also on Wednesday, CrowdStrike gained attention online for sending out $10 Uber Eats gift cards in an apparent effort to apologize for the outage’s disruptions.
A CrowdStrike spokesperson said the company sent gift cards “to our teammates and partners who have been helping customers through this situation” — but not customers or clients. The spokesperson added that Uber later flagged the offering as fraud “because of high usage rates,” without immediately providing more details on how many cards were distributed and when.
