CyberSecurity SEE

Customers of CrowdStrike will have control over Falcon Sensor content updates

CrowdStrike, in response to the recent incident that caused more than 8.5 million Windows systems to crash due to a faulty update, has announced that it will be providing its customers with more control over how they deploy content updates to the company’s Falcon sensor endpoint security technology. This move comes after CrowdStrike faced backlash and two lawsuits over the incident, prompting the security vendor to make significant changes to its platform and processes moving forward.

The change is part of a series of measures CrowdStrike implemented following a thorough root cause analysis (RCA) of the July 19 incident. In an update on August 7, CrowdStrike revealed additional measures it has taken to prevent similar occurrences in the future. These changes include new content configuration system test procedures, enhanced deployment layers, acceptance checks for its content configuration system, and validation checks for updates.

Furthermore, CrowdStrike has enlisted the help of two independent third-party security vendors to review the code for its Falcon sensor technology and evaluate the company’s quality control and release processes. CrowdStrike’s CEO, George Kurtz, emphasized that the lessons learned from this incident will be used to enhance customer service and resilience. Kurtz stated, “We have already taken decisive steps to prevent a recurrence of this situation and to ensure increased resilience for both our company and our customers.”

The troubles for CrowdStrike began with a problematic content update on July 19, related to a new Falcon sensor capability introduced in February 2024. This update led to widespread system crashes across various industries, including airlines, financial services, healthcare, manufacturing, and government sectors. The disruptions caused by the faulty update required manual restarts of systems, resulting in prolonged downtime for many organizations.

As a result of the incident, CrowdStrike is now facing legal action, with at least two class-action lawsuits filed against the company. One lawsuit represents shareholders, while the other is on behalf of affected businesses. Additionally, organizations like Delta Air Lines are expected to pursue legal action against CrowdStrike for the financial losses incurred due to the outage.

The root cause of the problems was identified as a parameter count mismatch in the July 19 content configuration update. The update contained 21 input fields, one more than the expected 20, causing an out-of-bounds memory read and resulting in system crashes. Although the template with the discrepancy was introduced in February, the error went unnoticed during build validation, testing, and initial deployments because a wildcard matching criterion was used for the additional input field.
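The failure mode described above, as an added example in C (not CrowdStrike's code and not part of the original article): a simplified model in which content declares 21 match criteria while the code supplies 20 inputs, showing why a wildcard in the extra field hides the mismatch and how a load-time count check plus a run-time bounds check catch it. All names (`content_entry`, `validate_entry`, `evaluate`, `make_entry`, `run_with_20_inputs`) and the `"*"` wildcard marker are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define EXPECTED_FIELDS 20   /* inputs the code supplies (figure from the article) */
#define WILDCARD "*"         /* constructed wildcard marker */
/* Hypothetical content entry: one match criterion per input field. */
struct content_entry { size_t field_count; const char *criteria[32]; };
enum verdict { REJECTED = -1, NO_MATCH = 0, MATCH = 1 };

/* Load-time check: the count must agree even when the extra criterion is a wildcard. */
int validate_entry(const struct content_entry *e) { return e->field_count == EXPECTED_FIELDS; }

/* Run-time check: never index past the inputs that were actually supplied. */
enum verdict evaluate(const struct content_entry *e, const char *const *inputs, size_t n_inputs)
{
    for (size_t i = 0; i < e->field_count; i++) {
        if (strcmp(e->criteria[i], WILDCARD) == 0)
            continue;            /* input not read, so a missing field goes unnoticed */
        if (i >= n_inputs)
            return REJECTED;     /* without this test, inputs[i] is read out of bounds */
        if (strcmp(e->criteria[i], inputs[i]) != 0)
            return NO_MATCH;
    }
    return MATCH;
}

/* Constructed sample: n criteria (1..32), all wildcards except the last. */
struct content_entry make_entry(size_t n, const char *last)
{
    struct content_entry e = { .field_count = n };
    for (size_t i = 0; i < n; i++) e.criteria[i] = WILDCARD;
    e.criteria[n - 1] = last;
    return e;
}

/* Evaluate an entry against 20 constructed input values. */
enum verdict run_with_20_inputs(const struct content_entry *e)
{
    const char *inputs[EXPECTED_FIELDS];
    for (size_t i = 0; i < EXPECTED_FIELDS; i++) inputs[i] = "value";
    return evaluate(e, inputs, EXPECTED_FIELDS);
}

int main(void)
{
    struct content_entry bad = make_entry(21, "value");
    printf("valid=%d verdict=%d\n", validate_entry(&bad), run_with_20_inputs(&bad));
}
```

A 21-field entry whose last criterion is a wildcard still evaluates to `MATCH` here, which is why only the load-time count check flags it before a non-wildcard criterion ever reaches the field.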

Moving forward, CrowdStrike is committed to improving its processes and systems to prevent such incidents from occurring in the future. By giving customers more control over content updates and implementing additional checks and balances, CrowdStrike aims to regain trust and ensure the reliability of its Falcon sensor technology. The security vendor’s efforts to address the root causes of the July 19 incident demonstrate a proactive approach to enhancing cybersecurity and protecting its customers from similar disruptions in the future.
