CrowdStrike blames bug for letting bad data slip through, leading to global tech outage

  • Comments
  • Print
Listen to this story

Subscriber Benefit

As a subscriber you can listen to articles at work, in the car, or while you work out. Subscribe Now
0:00
0:00
Loading audio file, please wait.
  • 0.25
  • 0.50
  • 0.75
  • 1.00
  • 1.25
  • 1.50
  • 1.75
  • 2.00

Software company CrowdStrike is blaming a bug in an update that allowed its cybersecurity systems to push bad data out to millions of customer computers, setting off last week’s global tech outage that grounded flights, took TV broadcasts off air and disrupted banks, hospitals and retailers.

CrowdStrike also outlined measures it would take to prevent the problem from recurring, including staggering the rollout of updates, giving customers more control over when and where they occur, and providing more details about the updates that it plans.

The company on Wednesday posted details online from its “preliminary post incident review ” of the outage, which caused chaos for the many businesses that pay for the cybersecurity firm’s software services.

The problem involved an “undetected error” in the content configuration update for its Falcon platform affecting Windows machines, the Texas company said.

A bug in the content validation system allowed “problematic content data” to be deployed to CrowdStrike’s customers. That triggered an “unexpected exception” that caused a Windows operating system crash, the company said.

As part of the new prevention measures, CrowdStrike said it’s also beefing up internal testing as well as putting in place “a new check” to stop “this type of problematic content” from being deployed again.

CrowdStrike has said a “significant number” of the approximately 8.5 million computers that crashed on Friday, causing global disruptions, are back in operation as customers and regulators await a more detailed explanation of what went wrong.

Once its investigation is complete, CrowdStrike said that it will publicly release its full analysis of the meltdown.

The outage caused days of widespread technological havoc, highlighting how much of the world depends on a few key providers of computing services and drawing the attention of regulators who want more details on what went wrong.

Please enable JavaScript to view this content.

Editor's note: You can comment on IBJ stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Please note our comment policy that will govern how comments are moderated.

One thought on “CrowdStrike blames bug for letting bad data slip through, leading to global tech outage

  1. “including staggering the rollout of updates, giving customers more control over when and where they occur, and providing more details about the updates that it plans.” Seriously! This is common practice for most software companies. Hard to believe they would do a global release all at the same time.

Get the best of Indiana business news. ONLY $1/week Subscribe Now

Get the best of Indiana business news. ONLY $1/week Subscribe Now

Get the best of Indiana business news. ONLY $1/week Subscribe Now

Get the best of Indiana business news. ONLY $1/week Subscribe Now

Get the best of Indiana business news.

Limited-time introductory offer for new subscribers

ONLY $1/week

Cancel anytime

Subscribe Now

Already a paid subscriber? Log In

Get the best of Indiana business news.

Limited-time introductory offer for new subscribers

ONLY $1/week

Cancel anytime

Subscribe Now

Already a paid subscriber? Log In

Get the best of Indiana business news.

Limited-time introductory offer for new subscribers

ONLY $1/week

Cancel anytime

Subscribe Now

Already a paid subscriber? Log In

Get the best of Indiana business news.

Limited-time introductory offer for new subscribers

ONLY $1/week

Cancel anytime

Subscribe Now

Already a paid subscriber? Log In