
How did a CrowdStrike file crash millions of Windows computers? We take a closer look at the code
2024-07-23 20:52

Analysis: Last week, at 0409 UTC on July 19, 2024, antivirus maker CrowdStrike released an update to its widely used Falcon platform that caused Microsoft Windows machines around the world to crash.

Channel Files are updated over time by CrowdStrike and pushed to systems running its software.

"Channel File 291 controls how Falcon evaluates named pipe execution on Windows systems. Named pipes are used for normal, interprocess or intersystem communication in Windows," CrowdStrike explained in a technical summary published over the weekend.

CrowdStrike pushed out a file update to detect and block that misuse of pipes, but the definition data broke Falcon.

While there has been speculation that the error was the result of null bytes in the Channel File, CrowdStrike insists that's not the case.

Specific details about the root cause of the error have yet to be formally disclosed - CrowdStrike CEO George Kurtz has just been asked to testify before Congress over this matter - though security experts such as Google Project Zero guru Tavis Ormandy and Objective-See founder Patrick Wardle have argued convincingly that the offending Channel File caused Falcon to access information in memory that simply wasn't present, triggering a crash.
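The failure mode described above, a data file that drives code into reading memory that isn't there, is the kind of defect that bounds-checking every file-supplied value before use is meant to prevent. The example below is added here and is not CrowdStrike's code or its Channel File format: the layout, magic value, slot count and sample blobs are constructed to show how a consumer can reject a definition file whose declared count or slot indices exceed what is actually in memory.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed definition-file layout for this example; it is NOT
 * CrowdStrike's Channel File format. Header: magic (u32 LE), entry count
 * (u32 LE). Each entry: template slot (u32 LE), parameter (u32 LE). */
#define DEF_MAGIC      0x31393243u /* constructed: "C291" in ASCII, little-endian */
#define TEMPLATE_SLOTS 4u          /* slots this build of the consumer knows about */
#define HEADER_LEN     8u
#define ENTRY_LEN      8u

enum { DEF_ERR_TRUNCATED = -1, DEF_ERR_BAD_MAGIC = -2, DEF_ERR_BAD_SLOT = -3 };

static uint32_t get_u32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate a definition blob before any entry is consumed. Every value the
 * file supplies (entry count, slot index) is checked against what is really
 * present, so the consumer never reads past the buffer or past the template
 * table it was built with. Returns the number of usable entries, or a
 * negative DEF_ERR_* code. */
int validate_definitions(const uint8_t *buf, size_t len)
{
    if (len < HEADER_LEN) return DEF_ERR_TRUNCATED;
    if (get_u32(buf) != DEF_MAGIC) return DEF_ERR_BAD_MAGIC;
    uint32_t count = get_u32(buf + 4);
    /* Divide rather than multiply so a huge declared count cannot overflow. */
    if (count > (len - HEADER_LEN) / ENTRY_LEN) return DEF_ERR_TRUNCATED;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + HEADER_LEN + (size_t)i * ENTRY_LEN;
        /* A slot index the file chose must not exceed the table this build has. */
        if (get_u32(e) >= TEMPLATE_SLOTS) return DEF_ERR_BAD_SLOT;
    }
    return (int)count;
}

/* Constructed sample blobs (little-endian fields). */
static const uint8_t good_blob[] = {
    0x43,0x32,0x39,0x31, 0x02,0,0,0,      /* magic "C291", 2 entries */
    0x00,0,0,0, 0x10,0,0,0,               /* slot 0, param 0x10 */
    0x03,0,0,0, 0x20,0,0,0 };             /* slot 3, param 0x20 */
static const uint8_t bad_slot_blob[] = {
    0x43,0x32,0x39,0x31, 0x01,0,0,0,
    0x04,0,0,0, 0x10,0,0,0 };             /* slot 4: one past the table */
static const uint8_t short_blob[] = {
    0x43,0x32,0x39,0x31, 0x0A,0,0,0,      /* claims 10 entries... */
    0x00,0,0,0, 0x10,0,0,0 };             /* ...but carries bytes for only 1 */
```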
News URL

https://go.theregister.com/feed/www.theregister.com/2024/07/23/crowdstrike_failure_shows_need_for/