CrowdStrike has released further details Wednesday on the software issue that caused mass outages while taking down 8.5 million Windows machines.
The company posted a post incident review (PIR) on its website detailing the problem and outlined steps on how it can improve moving forward. You can read through the entire PIR, but it's not particularly intended for casual readers — it's primarily for the technical folks.
So what happened, exactly?
The TL;DR is that CrowdStrike sent out Rapid Response Content — an update designed to respond to the changing threat landscape — but there was a bug in its Content Validator. Despite this, the update, which contained the problematic content data, rolled out to customers. The issue “resulted in an out-of-bounds memory read” which, in turn, led to Windows crashing (i.e., showing the dreaded Blue Screen of Death).
Because so many companies used CrowdStrike, the miniscule error ended up being a massive issue. It was a small 40KB file that caused the problem, the Verge noted. That little mistake had the airline, healthcare, and banking industries out of commission.
How does the PIR detail plans to prevent such issues in the future? It will increase testing for Rapid Response Content, add new checks for the Content Validator, and change the way it rolls out Rapid Response Content.
Topics Cybersecurity
