Last week, a global computer crash affecting services ranging from aviation to banking and healthcare was traced to a bug in CrowdStrike's quality control mechanism, the U.S. cybersecurity firm revealed on Wednesday.
The outage on Friday was due to a flaw in CrowdStrike's Falcon Sensor, an advanced platform designed to safeguard systems against malicious software and hackers. This flaw caused computers running Microsoft's Windows operating system to crash, displaying the 'Blue Screen of Death'.
CrowdStrike explained in a statement that 'due to a bug in the Content Validator, one of the two Template Instances passed validation despite containing problematic content data,' referring to the failure of an internal quality control mechanism that allowed the problematic data to bypass the company's safety checks. The company did not specify what the content data was or why it was problematic. A 'Template Instance' is a set of instructions that directs the software on what threats to identify and how to respond.
CrowdStrike has since added a 'new check' to its quality control process to prevent a recurrence of the issue. The full impact of the faulty update is still under assessment. Microsoft reported on Saturday that approximately 8.5 million Windows devices were affected, and the U.S. House of Representatives Homeland Security Committee has requested CrowdStrike CEO George Kurtz to testify.
CrowdStrike provided information to rectify affected systems last week, but experts predict that restoring these systems will be time-consuming, as it involves manually removing the flawed code.
Wednesday's statement aligns with the consensus among cybersecurity experts that something had gone severely wrong in CrowdStrike's quality control process.