CrowdStrike’s faulty update crashed 8.5 million Windows devices, says Microsoft

3 months ago 41

CrowdStrike’s faulty update caused a worldwide tech catastrophe that affected 8.5 cardinal Windows devices connected Friday, according to Microsoft. Microsoft says that’s “less than 1 percent of each Windows machines,” but it was capable to make problems for retailers, banks, airlines, and galore different industries, arsenic good arsenic everyone who relies connected them.

Separately, the method breakdown from CrowdStrike released Friday explains much astir what happened and wherefore truthful galore systems were affected each astatine once.

CrowdStrike’s breakdown explains the configuration record that was astatine the bosom of the issue:

The configuration files mentioned supra are referred to arsenic “Channel Files” and are portion of the behavioral extortion mechanisms utilized by the Falcon sensor. Updates to Channel Files are a mean portion of the sensor’s cognition and hap respective times a time successful effect to caller tactics, techniques, and procedures discovered by CrowdStrike. This is not a caller process; the architecture has been successful spot since Falcon’s inception.

CrowdStrike explained that the record is not a kernel operator but is liable for “how Falcon evaluates named pipe1 execution connected Windows systems.” Security researcher and Objective See laminitis Patrick Wardle says that the explanation aligns with the earlier investigation helium and others provided astir the origin of the crash, arsenic the occupation record “C-00000291- “triggered a logic mistake that resulted successful an OS crash” (via CSAgent.sys).”

Other excerpts from CrowdStrike’s blog explicate much astir what went wrong:

On July 19, 2024 astatine 04:09 UTC, arsenic portion of ongoing operations, CrowdStrike released a sensor configuration update to Windows systems. Sensor configuration updates are an ongoing portion of the extortion mechanisms of the Falcon platform. This configuration update triggered a logic mistake resulting successful a strategy clang and bluish surface (BSOD) connected impacted systems.

And which systems were affected and when:

Systems moving Falcon sensor for Windows 7.11 and supra that downloaded the updated configuration from 04:09 UTC to 05:27 UTC – were susceptible to a strategy crash.

CrowdStrike’s transmission record updates were pushed to computers careless of immoderate settings meant to forestall specified automatic updates, Wardle noted.

Read Entire Article