CrowdStrike reveals causes of global outage on Windows computers

CrowdStrike outage

CrowdStrike has published a detailed investigation into the causes of the large-scale outage on Windows computers that occurred two weeks ago. The new 12-page Root Cause Analysis report details all aspects of the incident, which was previously covered in a Post Incident Review.

CrowdStrike’s explanation of the outage

According to CrowdStrike, the cause of the global outage was an update to their flagship Falcon platform designed to protect against cyber threats. The Falcon platform uses artificial intelligence and machine learning to ensure the security of customers’ systems.

In February 2024, the company introduced a new feature for the Falcon sensor that was designed to detect new attack methods. This feature included a set of fields for rapid response to threats, which was tested and implemented in production.

On March 5 of this year, a content update for the channel 291 file was released and successfully passed stress testing. The next three updates, rolled out from April 8 to April 24, also worked smoothly.

However, on July 19, 2024, a new update for certain Windows hosts, containing an enhanced version of the feature, introduced the problem. The detector expected 20 input fields but the update sent 21, which resulted in an out-of-bounds memory read and caused the system to crash.
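A simplified model of the field-count mismatch described above, added here as an illustration and not taken from CrowdStrike's code or report. The struct, function names and sample data are hypothetical; only the 20 and 21 field counts come from the article.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SENSOR_FIELDS 20   /* inputs the detector supplies (figure from the article) */
#define MAX_FIELDS    32   /* capacity of the hypothetical update record */

/* Hypothetical content update: one match pattern per input field;
 * NULL means "match anything". */
struct update {
    size_t      field_count;
    const char *pattern[MAX_FIELDS];
};

enum verdict { NO_MATCH = 0, MATCH = 1, REJECTED = -1 };

/* Unsafe: trusts the count in the update. With field_count == 21 and a
 * 20-element input array, inputs[20] is read out of bounds. */
enum verdict evaluate_unchecked(const struct update *u, const char *const *inputs)
{
    for (size_t i = 0; i < u->field_count; i++)
        if (u->pattern[i] && strcmp(u->pattern[i], inputs[i]) != 0)
            return NO_MATCH;
    return MATCH;
}

/* Hardened: refuse any update whose field count does not fit the
 * inputs actually supplied, before touching the array. */
enum verdict evaluate_checked(const struct update *u,
                              const char *const *inputs, size_t n_inputs)
{
    if (u->field_count > MAX_FIELDS || u->field_count > n_inputs)
        return REJECTED;
    return evaluate_unchecked(u, inputs);
}

/* Constructed sample data: 20 empty inputs and an update that declares
 * the given number of fields, with a pattern on the last one. */
enum verdict demo(size_t declared_fields)
{
    const char *inputs[SENSOR_FIELDS];
    struct update u = { .field_count = declared_fields };
    for (size_t i = 0; i < SENSOR_FIELDS; i++)
        inputs[i] = "";
    if (declared_fields >= 1 && declared_fields <= MAX_FIELDS)
        u.pattern[declared_fields - 1] = "";
    return evaluate_checked(&u, inputs, SENSOR_FIELDS);
}
int main(void) { printf("20: %d, 21: %d\n", demo(20), demo(21)); return 0; }
```

The same count comparison can also run when an update is validated before release, so a mismatched file is rejected before it reaches any host.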

CrowdStrike states that attackers cannot exploit this bug.

The large-scale failure affected 8.5 million Windows computers, which is less than 1% of the total number of users of the operating system. As a result of the incident, US Fortune 500 companies suffered financial losses of $5.4 billion. Microsoft, however, was not affected by this failure.

CrowdStrike itself has also suffered serious consequences: its market value has fallen by 22% since the failure, dropping from about $83 billion. The company has repeatedly apologized for the global problems it caused.

CrowdStrike serves about 538 Fortune 1000 companies and has a broad international reach. This significant use of its products underscores the importance of reliable technology to keep businesses running smoothly.
