Security experts have indicated that CrowdStrike's routine update of its widely used cybersecurity software, which led to a global system crash on Friday, apparently did not undergo sufficient quality checks before being deployed. The lack of thorough testing is believed to have contributed to the widespread disruption affecting clients' computer systems worldwide.
According to a report by Reuters, the recent update to CrowdStrike's Falcon Sensor software was intended to bolster security for clients by refreshing the list of threats it protects against. Unfortunately, the update contained faulty code, which triggered one of the most significant tech outages in recent years. This disruption affected numerous companies relying on Microsoft's Windows operating system, leading to widespread system crashes and operational issues.
"What it looks like is, potentially, the vetting or the sandboxing they do when they look at code, maybe somehow this file was not included in that or slipped through," said Steve Cobb, chief security officer at Security Scorecard, which also had some systems impacted by the issue.
The massive disruption to Microsoft systems has included flight delays and cancellations, as well as impacting hospitals, banks, supermarkets and millions of businesses.
Close to 7,000 flights were cancelled globally on Friday – equating to 6.2 per cent of all scheduled flights, according to Aviation analytics firm Cirium.
Patrick Wardle, a security researcher specializing in operating system threats, identified the code responsible for the outage. He explained that the issue lay in a file containing either configuration details or signatures—code used to detect specific types of malicious software or malware.
Wardle noted that it is common for security products to update their signatures regularly, often daily, to continuously monitor for new malware and ensure protection against the latest threats.
Wardle suggested that the frequent nature of updates might explain why CrowdStrike did not test this particular update as thoroughly. It remains unclear how the faulty code was introduced into the update and why it was not detected before being released to customers.
Other security companies have faced similar issues in the past. For example, McAfee's problematic antivirus update in 2010 caused hundreds of thousands of computers to stall.