CrowdStrike, the cybersecurity firm that found itself in the centre of the global IT meltdown, released an update on what went wrong on that fateful day. Apparently, its world came crashing down, both figuratively and literally, because of a bug that allowed flawed data to pass through an update.
To provide more specifics, CrowdStrike says in a remediation guide that, back in February this year, it introduced a new “InterProcessCommunication (IPC) Template Type”, designed to detect “novel attack techniques that abuse Named Pipes”. Then, on 19 July, the company introduced two more IPC Template Instances, one of which was the “problematic content data”.
To cut a long story short, a “problematic” Rapid Response Content Configuration update carried the undetected error into its systems, which then proceeded to crash Windows systems.
CrowdStrike’s snafu effectively brought down 8.5 million Windows devices around the world. While Microsoft claims that it barely represented one percent of all of its machines, the outage was so bad, it disrupted retailers, banks, airlines and airports, and others. Unsurprisingly, the cock-up also hurt the company’s value, with its share value dropping nearly 30% in the aftermath.
The company has apologised for the incident, vowing that it would do better. “The confidence we built in drips over the years was lost in buckets within hours, and it was a gut punch,” Shawn Henry, CrowdStrike CSO, said.
(Source: CrowdStrike, Yahoo!, The Register)