How did a CrowdStrike file crash millions of Windows computers? We take a closer look at the code
Analysis: Last week, at 0409 UTC on July 19, 2024, antivirus maker CrowdStrike released an update to its widely used Falcon platform that caused Microsoft Windows machines around the world to crash.
Channel Files are updated over time by CrowdStrike and pushed to systems running its software.
"Channel File 291 controls how Falcon evaluates named pipe execution on Windows systems. Named pipes are used for normal, interprocess or intersystem communication in Windows," CrowdStrike explained in a technical summary published over the weekend.
CrowdStrike pushed out a file update to detect and block misuse of named pipes, but the definition data broke Falcon.
While there has been speculation that the error was the result of null bytes in the Channel File, CrowdStrike insists that's not the case.
Specific details about the root cause of the error have yet to be formally disclosed (CrowdStrike CEO George Kurtz has just been asked to testify before Congress over this matter), though security experts such as Google Project Zero guru Tavis Ormandy and Objective-See founder Patrick Wardle have argued convincingly that the offending Channel File caused Falcon to access information in memory that simply wasn't present, triggering a crash.
News URL
https://go.theregister.com/feed/www.theregister.com/2024/07/23/crowdstrike_failure_shows_need_for/