Security News
The PIR is a bit confusing to read and parse, because it attempts to assure readers that the company carefully and comprehensively tests its products - even though the company's failures on that front are obvious. CrowdStrike has implemented an update architecture that only rigorously tests some of the updates sent to clients.
Not long after Windows PCs and servers at the Australian limb of audit and tax advisory Grant Thornton started BSODing last Friday, senior systems engineer Rob Woltz remembered a small but important fact: When PCs boot, they treat barcode scanners no differently from keyboards. That knowledge nugget became important as the firm tried to figure out how to respond to the mess CrowdStrike created, which at Grant Thornton Australia threw hundreds of PCs and no fewer than 100 servers into the doomloop that CrowdStrike's shoddy testing software made possible.
As far as we're aware - and let us know any other details you may have - the security snafu started way back on February 28, when CrowdStrike developed and distributed a sensor update for Falcon intended to detect an emerging novel attack technique that abuses named pipes on Windows. At 0409 UTC on Friday, July 19, CrowdStrike pushed the ill-fated update to its Falcon endpoint security product.
The US Department of Transportation is investigating Delta Air Lines over its handling of the global IT outage caused by CrowdStrike's content update. Delta has had a particularly rough time since Friday, consistently cancelling hundreds of flights a day.
A major disruption to Windows PCs in the U.S., U.K., Australia, South Africa and other countries was caused by an error in a CrowdStrike update, the cloud security company announced on Friday. Blue Screen of Death widespread due to CrowdStrike outage.
CrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems...
A bug in the Content Validator – a software element CrowdStrike relies on for testing and validating Rapid Response Content updates for its Falcon Sensors – is (partly) why the faulty update...
Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. "On Friday,...
CrowdStrike has blamed a bug in its own test software for the mass-crash-event it caused last week. Rapid response content is delivered in those channel files as so-called "Template instances," which CrowdStrike describes as "Instantiations of a given template type." Thus, the rapid response content relies on template code defined by the base sensor content, and each piece of this response content is a template instance.
Something called 'Content Validator' did not validate the content, and the rest is history. CrowdStrike has blamed a bug in its own test software for the mass-crash-event it caused last week.…