News

LONDON – A CrowdStrike software update that hitting services from aviation to banking to healthcare was caused by a bug in the US cyber-security firm’s quality control mechanism, the company said on July 24. The outage on July 19 happened because CrowdStrike’s Falcon Sensor, an advanced platform that protects systems from malicious software and hackers, contained a fault that forced computers running Microsoft’s Windows operating system to crash and show the “blue screen of death”. “Due to a bug in the content validator, one of the two template instances passed validation despite containing problematic content data,” CrowdStrike said in a statement, referring to the failure of an internal quality control mechanism that allowed the problematic data to slip through the company’s own safety checks. CrowdStrike did not say what that content data was, nor why it was problematic. A template instance is a set of instructions that guides the software on what threats to look for and how to respond. CrowdStrike said it had added a “new check” to its quality control process in a bid to prevent the issue from occurring again. The extent of the damage from the botched update is still being assessed. On July 20, Microsoft said about 8.5 million Windows devices had been affected, and the US House of Representatives Homeland Security Committee has sent a letter to CrowdStrike chief executive George Kurtz asking him to testify. CrowdStrike released information to fix affected systems last week, but experts said getting them back online would take time as it required manually weeding out the flawed code. The July 24 statement was in line with a widely held assessment from cyber-security experts that something in CrowdStrike’s quality control process had gone badly wrong. REUTERS