CrowdStrike: ‘bug in content validator root cause of global outage’
Due to a bug in the Content Validator, a faulty update was released, causing a worldwide outage.
According to CrowdStrike’s preliminary Post Incident Review (PIR), the company released a content configuration update for Windows computers on Friday, July 19th, 2024.
Before updates are rolled out, a software program called a Content Validator checks them for possible errors. Due to a bug in the Content Validator, an update containing problematic content data was published.
This caused an out-of-bounds memory read, resulting in a Windows operating system crash, also known as the blue screen of death or BSOD.
The update automatically installed via CrowdStrike’s servers was only 40 kb in size and but the scope of the impact was immense.
Thousands of flights worldwide had to be canceled and disrupted other forms of public transportation. Furthermore, supermarkets, media companies, emergency services, hospitals and financial institutions were disrupted by the blue screens of death.
Over 8.5 million Windows computers worldwide were affected by the flawed update. After 78 minutes, CrowdStrike provided a fix. However, because computers kept restarting constantly, it was a hell of a job for system administrators to implement the fix.
CrowdStrike recommends that customers staybe vigilant because criminalsals who are trying to exploit the situatofferingoviding so-called solutions.
“We know that adversaries and bad actors will try to exploit events like this. I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives. Our blog and technical support will continue to be the official channels for the latest updates,” the cybersecurity company says.
Later today, CrowdStrike President and CEO George Kurtz must appear before the Subcommittee on Cybersecurity and Infrastructure Protection to give a detailed and public testimony on the events of last week.
Your email address will not be published. Required fields are marked