
CrowdStrike outlines fixes in root cause report after global outage

TL;DR

  • CrowdStrike released a root cause report on the software update that caused a massive IT outage.
  • The update mismatch led to an out-of-bounds memory read, causing system crashes.
  • CrowdStrike promises improved testing procedures and third-party reviews to prevent future issues.

CrowdStrike has released its root cause report of the faulty software update that caused one of the biggest IT outages in history. In its new post-mortem report, the cybersecurity firm investigated the error that led Windows machines to crash in July, admitting that there were issues with the testing process.

In its Root Cause Analysis (RCA) report, CrowdStrike described how its Falcon sensor “delivers AI and machine learning to protect customer systems by identifying and remediating the latest advanced threats.”

The sensor, released in February, was produced to enable “visibility into possible novel attack techniques that may abuse certain Windows mechanisms.”

“On March 5, 2024, following a successful stress test, the first Rapid Response Content for Channel File 291 was released to production as part of a content configuration update, with three additional Rapid Response updates deployed between April 8, 2024 and April 24, 2024,” CrowdStrike said. These “performed as expected” in production.

However, the sensor expected 20 input fields, but the update provided 21 input fields, causing a mismatch. This resulted in an out-of-bounds memory read, crashing the system.

The company stated that “this scenario with Channel File 291 is now incapable of recurring,” adding that what happened is now informing how it tests its systems going forward.

In a post on X, the firm wrote: “We apologize unreservedly and will use the lessons learned from this incident to become more resilient and better serve our customers. To any customer still affected, please know we will not rest until all systems are restored.”

CrowdStrike promises new test methods in root cause report

Based on the findings in the report, CrowdStrike said it will upgrade its Content Configuration System test procedures, including updated tests for Template Type development, with “automated tests for all existing Template Types.”

It is also incorporating deployment layers and acceptance checks into the Content Configuration System.

Meanwhile, it will block the creation of problematic Channel 291 files by adding validation for the number of input fields.

CrowdStrike plans to introduce more checks in the Content Validator and improve bounds checking in the Content Interpreter for Rapid Response Content in Channel File 291.
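The two fixes described above, a field-count check in the validator and bounds checking in the interpreter, can be sketched in C as follows. This is an added illustration, not CrowdStrike's code: the type and function names, the `"*"` wildcard convention and the sample values are hypothetical, and only the 20 and 21 field counts come from the article.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SENSOR_INPUTS 20   /* values the sensor code supplies (count from the article) */
#define MAX_FIELDS    32   /* constructed capacity of the content format */

/* Hypothetical template instance: one match criterion per input field. */
typedef struct {
    size_t field_count;                /* fields the content update defines */
    const char *criteria[MAX_FIELDS];  /* "*" = wildcard (assumed), else exact match */
} template_instance;

enum { EVAL_REJECTED = -1, EVAL_NO_MATCH = 0, EVAL_MATCH = 1 };

/* Validator: block content whose field count differs from what the sensor supplies. */
int validate_instance(const template_instance *t) {
    return t->field_count == SENSOR_INPUTS;
}

/* Interpreter: bounds-check every index, even if validation was skipped. */
int evaluate(const template_instance *t, const char *const *inputs, size_t n_inputs) {
    if (t->field_count > MAX_FIELDS) return EVAL_REJECTED;
    for (size_t i = 0; i < t->field_count; i++) {
        if (strcmp(t->criteria[i], "*") == 0) continue;  /* wildcard: input not read */
        if (i >= n_inputs) return EVAL_REJECTED;         /* would read past inputs[] */
        if (strcmp(t->criteria[i], inputs[i]) != 0) return EVAL_NO_MATCH;
    }
    return EVAL_MATCH;
}

/* Constructed sample: n fields, all wildcards except the last criterion. */
template_instance make_instance(size_t n, const char *last) {
    template_instance t = { n, { 0 } };
    for (size_t i = 0; i < n && i < MAX_FIELDS; i++) t.criteria[i] = "*";
    if (n > 0 && n <= MAX_FIELDS) t.criteria[n - 1] = last;
    return t;
}

int main(void) {
    const char *inputs[SENSOR_INPUTS];
    for (size_t i = 0; i < SENSOR_INPUTS; i++) inputs[i] = "value";
    template_instance bad = make_instance(21, "pipe-name");
    printf("validator accepts: %d, interpreter result: %d\n",
           validate_instance(&bad), evaluate(&bad, inputs, SENSOR_INPUTS));
    return 0;
}
```

In this sketch a 21-field instance whose last criterion is a wildcard never touches the missing input, so only the validator's count check catches it; the interpreter's bounds check is what stops the read once that criterion requires a real comparison.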

It will also enlist “two independent third-party software security vendors” to perform additional reviews of the Falcon sensor code as well as the quality control and release processes.

Last week, investors filed a lawsuit against the company. CrowdStrike and Delta’s CEO were also engaged in a public dispute after the airline blamed $500 million in losses on the security firm. The company’s chief executive, George Kurtz, was called to testify before Congress last month.


Suswati Basu
Tech journalist
