Security News > 2024 > August > CrowdStrike hires outside security outfits to review troubled Falcon code

CrowdStrike hires outside security outfits to review troubled Falcon code
2024-08-07 00:18

CrowdStrike has hired two outside security firms to review the Falcon sensor code that sparked a global IT outage last month - but it may not have an awful lot to find, because CrowdStrike has identified the simple mistake that caused the incident.

The update went through the usual development and testing, and then CrowdStrike pushed a new "Template Type" including the IPC-related info to its Falcon sensors in a "Channel File" numbered 291.

As CrowdStrike also previously explained, two further IPC-related Template Instances were automatically deployed to Falcon users on July 19.

CrowdStrike has coded a fix to ensure that mismatches of the number of inputs validated versus number of actual inputs doesn't happen again.

The chastened security vendor is doing more tests - including some that test non-wildcard matching criteria for each field across all template types, and new checks to ensure that flawed files aren't pushed to Falcon customers in the future.

"We are not providing information on the vendors who are doing work for us beyond what is referenced in the RCA," the CrowdStrike spokesperson told The Register.


News URL

https://go.theregister.com/feed/www.theregister.com/2024/08/07/crowdstrike_full_incident_root_cause_analysis/