Get updates delivered to you daily. Free and customizable.
UPI News
CrowdStrike: Global IT outage was due to an 'undetected error' in update
By Doug Cunningham,
8 hours ago
July 24 (UPI) -- CrowdStrike said Wednesday the worldwide IT outage impacting air travel, 911 services, television and public infrastructure last week was caused by an undetected error in a Rapid Response Content Falcon update.
CrowdStrike said Wednesday that the July 19 worldwide IT outage was caused by an undetected error in a Rapid Response Content Falcon update. It brought air travel to a standstill, impacted 911 emergency services and operations at banks, hospitals, TV networks and stock exchanges. Passengers impacted by the outage seen at Istanbul Airport, Turkey, July 19. Photo by Tolga Bozoglu/EPA-EFE
Rapid Response Content is " designed to respond to the changing threat landscape at operational speed," according to CrowdStrike.
"Due to a bug in the Content Validator, one of the two Template Instances passed validation despite containing problematic content data," CrowdStrike said in a statement.
That bug caused a Windows operating system crash.
It was part of the Falcon content update for Windows hosts that took 8.5 million computers offline.
CrowdStrike said the event that triggered the outage July 19 was a content configuration update for "the Windows sensor to gather telemetry on possible novel threat techniques."
Sensor content updates from the company are not dynamically updated from the cloud. Instead, it comprises code that includes AI and machine learning models for CrowdStrike's threat detection engineers.
"Rapid Response Content provides visibility and detections on the sensor without requiring sensor code changes," CrowdStrike's statement said. "This capability is used by threat detection engineers to gather telemetry, identify indicators of adversary behavior and perform detections and preventions. Rapid Response Content is behavioral heuristics, separate and distinct from CrowdStrike's on-sensor AI prevention and detection capabilities."
To prevent the global IT crash from happening again, CrowdStrike said it is improving Rapid Response Content updates with greater resiliency and testing.
That will include local developer testing as well as enhanced error handling.
Additional validation checks are being also being added "to guard against this type of problematic content from being deployed in the future," according to CrowdStrike.
A staggered deployment strategy for Rapid Response Content will also be used to gradually deploy the updates.
Emergency 911 services were affected by the July 19 incident in several U.S. states while air travel came to a standstill. But the event was not a cyberattack, according to CrowdStrike.
The Federal Communications Commission investigated the outage.
Some TV networks were unable to broadcast and banks, hospitals and stock exchanges were also impacted.
Get updates delivered to you daily. Free and customizable.
Welcome to NewsBreak, an open platform where diverse perspectives converge. Most of our content comes from established publications and journalists, as well as from our extensive network of tens of thousands of creators who contribute to our platform. We empower individuals to share insightful viewpoints through short posts and comments. It’s essential to note our commitment to transparency: our Terms of Use acknowledge that our services may not always be error-free, and our Community Standards emphasize our discretion in enforcing policies. We strive to foster a dynamic environment for free expression and robust discourse through safety guardrails of human and AI moderation. Join us in shaping the news narrative together.
Most Popular
Comments / 0