CrowdStrike Blames Crash on Buggy Security Content Update
CrowdStrike vows to provide customers with greater control over the delivery of future content updates.
July 25, 2024
A buggy “security content configuration update” to CrowdStrike’s Falcon sensor for Windows, intended to gather telemetry on novel threat techniques, has been confirmed as the root cause of the July 19 crash of computers around the world, a problem that is still having an impact on global IT teams, the vendor says.
CrowdStrike – which has been thrust into the spotlight in the last week for all the wrong reasons – released a “preliminary Post Incident Review (PIR)” today identifying a defect in a Rapid Response Content configuration update as the reason for the global incident, which caused massive disruptions to business continuity and headaches for travelers, hospital patients, and business professionals alike.
These kinds of updates are one of the ways that CrowdStrike – which provides some 29,000 customers with cloud-based software for endpoint detection and response (EDR) – delivers new security content to its software, and are “a regular part of the dynamic protection mechanisms of the Falcon platform,” according to the PIR report.
Rapid Response Content specifically updates CrowdStrike’s software with the latest threat intelligence, designed “to respond to the changing threat landscape at operational speed,” according to the report.
“When received by the sensor and loaded into the Content Interpreter, problematic content in Channel File 291 resulted in an out-of-bounds memory read triggering an exception,” according to CrowdStrike. “This unexpected exception could not be gracefully handled, resulting in a Windows operating system crash (BSOD).”
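To make the failure mode concrete, here is an added illustration that is not CrowdStrike’s code and does not use the real Channel File layout: a toy “content interpreter” in user-mode C with a hypothetical record format (one count byte followed by 4-byte fields) and constructed sample records. It places the shape of a header-trusting out-of-bounds read next to a loader that validates the record against both the buffer length and the interpreter’s expected field count before committing it, so a bad update is rejected and the previously loaded content stays in place.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout, constructed for this example (not CrowdStrike's
 * Channel File format): one byte giving the number of 4-byte little-endian
 * fields that follow, then the fields themselves. */
#define FIELD_SIZE       4
#define EXPECTED_FIELDS  4   /* the field count this interpreter's template was built for */
#define MAX_FIELDS       8

enum load_status {
    LOAD_OK = 0,
    LOAD_ERR_EMPTY,        /* no header byte at all */
    LOAD_ERR_FIELD_COUNT,  /* header count differs from what the template expects */
    LOAD_ERR_TRUNCATED     /* header promises more bytes than the buffer holds */
};

struct interp_state {
    unsigned count;
    uint32_t fields[MAX_FIELDS];
};

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Bytes an interpreter that trusts the header would touch. When this exceeds
 * the real buffer length, the trusting read runs off the end of the content. */
size_t bytes_trusted_by_header(const uint8_t *buf, size_t len)
{
    if (len == 0)
        return 0;
    return 1 + (size_t)buf[0] * FIELD_SIZE;
}

/* The shape of the bug: the interpreter never consults the buffer length and
 * indexes purely from the header. Fed a record whose header promises more
 * fields than are present (or more than MAX_FIELDS), it reads past `buf` and
 * writes past `fields`; in a kernel-mode component the faulting read is an
 * unhandled exception, i.e. a crash. Only called on well-formed content here
 * so the example itself stays defined. */
enum load_status load_unchecked(struct interp_state *st, const uint8_t *buf)
{
    st->count = buf[0];
    for (unsigned i = 0; i < st->count; i++)
        st->fields[i] = read_le32(buf + 1 + i * FIELD_SIZE);
    return LOAD_OK;
}

/* Hardened form: validate the record against both the template and the real
 * length before touching any field, build the new state in a scratch copy, and
 * commit only on success so a rejected update leaves the previous content live. */
enum load_status load_checked(struct interp_state *st, const uint8_t *buf, size_t len)
{
    struct interp_state tmp;

    if (len == 0)
        return LOAD_ERR_EMPTY;
    if (buf[0] != EXPECTED_FIELDS)
        return LOAD_ERR_FIELD_COUNT;
    if (len < 1 + (size_t)buf[0] * FIELD_SIZE)
        return LOAD_ERR_TRUNCATED;

    tmp.count = buf[0];
    for (unsigned i = 0; i < tmp.count; i++)
        tmp.fields[i] = read_le32(buf + 1 + i * FIELD_SIZE);
    *st = tmp;
    return LOAD_OK;
}

/* Constructed sample content (not real channel-file data). */
const uint8_t GOOD[] = {
    4, 0x01,0,0,0, 0x02,0,0,0, 0x03,0,0,0, 0x04,0,0,0 };            /* 17 bytes, as promised */
const uint8_t TRUNCATED[] = {
    4, 0x01,0,0,0, 0x02,0,0,0, 0x03,0,0,0 };                        /* header says 4 fields, only 3 present */
const uint8_t EXTRA_FIELD[] = {
    5, 0x01,0,0,0, 0x02,0,0,0, 0x03,0,0,0, 0x04,0,0,0, 0x05,0,0,0 }; /* well-formed, but one field more than the template expects */

/* Applies updates the way a sensor would: a known-good record, then a bad one.
 * Returns 1 if the bad record is rejected and the good content is still loaded. */
int previous_content_survives_bad_update(void)
{
    struct interp_state st;
    memset(&st, 0, sizeof st);
    if (load_checked(&st, GOOD, sizeof GOOD) != LOAD_OK)
        return 0;
    if (load_checked(&st, TRUNCATED, sizeof TRUNCATED) != LOAD_ERR_TRUNCATED)
        return 0;
    return st.count == 4 && st.fields[3] == 4;
}

int main(void)
{
    struct interp_state st;
    memset(&st, 0, sizeof st);
    printf("GOOD: header implies %zu bytes, buffer has %zu\n",
           bytes_trusted_by_header(GOOD, sizeof GOOD), sizeof GOOD);
    printf("TRUNCATED: header implies %zu bytes, buffer has %zu -> unchecked read runs past the end\n",
           bytes_trusted_by_header(TRUNCATED, sizeof TRUNCATED), sizeof TRUNCATED);
    printf("checked load of TRUNCATED: status %d; checked load of EXTRA_FIELD: status %d\n",
           (int)load_checked(&st, TRUNCATED, sizeof TRUNCATED),
           (int)load_checked(&st, EXTRA_FIELD, sizeof EXTRA_FIELD));
    printf("previous content kept after bad update: %s\n",
           previous_content_survives_bad_update() ? "yes" : "no");
    return 0;
}
```

Build with `cc -Wall -o interp interp.c`. The design point is that a faulting read inside a kernel-mode component cannot be “gracefully handled” after the fact, so the check has to happen before the read, and a rejected record must leave the last good content active rather than the sensor in a crash loop. A publishing-side content validator, as described in the PIR, is a second line of defence; it does not replace the bounds check in the consumer.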