CrowdStrike update caused major outages: Unpacking the issues
Last Friday's CrowdStrike update resulted in a major outage, affecting a staggering 8.5 million devices. Theories range from a simple mistake to a sinister plot, but what exactly happened?
This isn't the first time an antivirus update has caused widespread problems. Back in 2010, McAfee accidentally removed a key Windows file, knocking out millions of Windows XP machines.
As we write this, CrowdStrike's stock value has already taken a significant hit, dropping about 15% (roughly $300 million). So, what exactly happened?
The software – CrowdStrike Falcon Sensor
This program runs silently in the background, constantly scanning for security threats. It has two key components: the driver, which executes code to monitor the system, and the Channel Files, which are configuration files containing rules to identify new potential attacks.
Here's where things went wrong. During an update to channel file C-00000291-.sys, a logical error caused a complete system crash.
Why was this update different?
Most applications only crash themselves when there's a bug. However, CrowdStrike operates in a highly privileged area of the system (Ring 0 or kernel mode). This means even a minor bug can cause a complete system crash.
At least, this is what the official sources state.
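The defensive pattern that follows from this, as an added example (not code from this article or from CrowdStrike): a privileged component checks a rule file completely before using any of it, so a malformed update is rejected with an error code instead of taking the system down. The file layout, names and limits below are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical rule-file layout (an assumption, not CrowdStrike's format):
 *   bytes 0..3  magic "RULE"
 *   bytes 4..5  record count, little-endian
 *   then per record: 2-byte little-endian length, followed by that many bytes */
enum rule_status { RULE_OK = 0, RULE_BAD_MAGIC, RULE_TRUNCATED,
                   RULE_TOO_MANY, RULE_EMPTY_RECORD, RULE_TRAILING };
#define MAX_RULES 1024u

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Walk the whole file before any rule is used. Every read is preceded by a
 * check that the bytes exist, so bad input yields an error code rather than
 * an access outside the buffer. Invariant: off <= len at all times. */
enum rule_status validate_rule_file(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 6) return RULE_TRUNCATED;
    if (memcmp(buf, "RULE", 4) != 0) return RULE_BAD_MAGIC;
    uint16_t count = rd16(buf + 4);
    if (count > MAX_RULES) return RULE_TOO_MANY;

    size_t off = 6;
    for (uint16_t i = 0; i < count; i++) {
        if (len - off < 2) return RULE_TRUNCATED;     /* length field missing */
        uint16_t rlen = rd16(buf + off);
        off += 2;
        if (rlen == 0) return RULE_EMPTY_RECORD;
        if (len - off < rlen) return RULE_TRUNCATED;  /* body runs past the end */
        off += rlen;
    }
    return off == len ? RULE_OK : RULE_TRAILING;
}

/* Constructed sample inputs. */
const uint8_t good_file[]  = { 'R','U','L','E', 2,0, 3,0,'a','b','c', 1,0,'x' };
const uint8_t short_file[] = { 'R','U','L','E', 2,0, 3,0,'a','b','c' }; /* declares 2, holds 1 */
const uint8_t lying_len[]  = { 'R','U','L','E', 1,0, 0xFF,0xFF,'a' };  /* length exceeds file */
const uint8_t bad_magic[]  = { 'X','X','X','X', 0,0 };

int main(void)
{
    /* A caller would load rules only on RULE_OK and otherwise keep the previous set. */
    return validate_rule_file(good_file, sizeof good_file) == RULE_OK ? 0 : 1;
}
```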
The cause: Theories and investigations
Several potential explanations are circulating.
Was it an attack?
While the investigation is ongoing, a cyberattack seems unlikely.
The aftermath and what's next
The industry is watching closely to see how CrowdStrike responds and how this event might shape future cybersecurity practices. We have yet to find out what exactly happened; that will probably come after the Congressional hearings. Theoretically, it could have been anything – from a stupid mistake to a covered-up cyberattack or a false flag operation.
What you can do today is reinforce your cybersecurity team with professional security researchers and cybersecurity specialists! DM us to find out how you can find a perfect talent match for your team!
Copywriter, translator, interpreter, AI content editor
7 months ago
That’s not the first case when an antivirus mistake leads to huge global problems. The previous happened with McAfee antivirus on the 21st of April 2010, when they accidentally removed the Windows service host file, knocking out millions of computers on Windows XP. What's funny is that George Kurtz, who used to work for McAfee back in 2010, is now the CEO of CrowdStrike! What a coincidence!!
Growth Manager at MWDN | Remote teams, Outstaffing, Recruiting service #standwithIsrael
7 months ago
Thanks for sharing this! It's important to be aware of such major incidents.
Director of Business Development @ MWDN | Delivering the best talents on the global market
7 months ago
We'll see what's next