  • The Independent

    CrowdStrike reveals ‘root cause’ of global Microsoft meltdown

    By Vishwam Sankaran,

    4 hours ago

    CrowdStrike, the cybersecurity company at the centre of last month’s Microsoft meltdown, has claimed that a single sensor error led to the worldwide outage.

    More than eight million Microsoft users reported on 19 July that their computers wouldn’t turn on, with monitors showing the “blue screen of death”.

    The outage caused widespread chaos as television stations went offline, air travel was disrupted and hospitals were forced to cancel appointments.

    In a preliminary report soon after, CrowdStrike claimed the outage was caused by a faulty update to its Falcon sensor.

    The Falcon platform has wide access to computers, sitting at the kernel level of the Windows operating system, and is supposed to analyse a range of sensors to protect systems from malicious software and hackers. It works by examining a range of indicators in a computer to check for signs of suspicious activity.

    Now in a more comprehensive Root Cause Analysis, CrowdStrike claimed the meltdown was caused by just one undetected sensor. It calls the bug the “Channel 291 incident”.

    CrowdStrike changes the location or the number of sensors it checks for potential attacks when it updates the Falcon system.

    When the faulty update was rolled out on 19 July, Falcon expected the system to have 20 input fields, but it had 21 instead.

    This “count mismatch” flooded the memory of systems and led to the global Microsoft crash.

    “The content interpreter expected only 20 values,” the report explains, meaning the bug sent computers into a tailspin trying to look for the source of the extra data that simply wasn’t there.

    “Therefore, the attempt to access the 21st value produced an out-of-bounds memory read beyond the end of the input data array and resulted in a system crash.”

    Since Falcon is closely knit with Windows, its crash brought down the entire system.
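
    The count mismatch described above can be modelled in a few lines of C. This is an added example, not code from CrowdStrike or its report: it is a simplified model in which every function name is hypothetical, and only the 20 and 21 field counts come from the article. It sets an unchecked array lookup beside a bounds-checked one and a load-time count check.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define N_SUPPLIED 20   /* values the caller provides (count from the article) */
#define N_DEFINED  21   /* fields the updated content defines (from the article) */

/* Unchecked lookup: trusts the index that comes from the content.
 * With index 20 and a 20-element array this reads past the end. */
int match_unchecked(const char *const *inputs, size_t index, const char *want)
{
    return strcmp(inputs[index], want) == 0;
}

/* Checked lookup: 1 = match, 0 = no match, -1 = field was not supplied. */
int match_checked(const char *const *inputs, size_t n_inputs,
                  size_t index, const char *want)
{
    if (inputs == NULL || want == NULL || index >= n_inputs)
        return -1;              /* refuse instead of reading out of bounds */
    if (inputs[index] == NULL)
        return 0;
    return strcmp(inputs[index], want) == 0;
}

/* Load-time gate: reject content that defines more fields than are supplied. */
int content_is_loadable(size_t n_defined, size_t n_supplied)
{
    return n_defined <= n_supplied;
}

/* Constructed demo: 20 inputs, content that refers to the 21st (index 20). */
int demo_21st_field(void)
{
    const char *inputs[N_SUPPLIED];
    for (size_t i = 0; i < N_SUPPLIED; i++)
        inputs[i] = "value";    /* constructed sample data */
    return match_checked(inputs, N_SUPPLIED, N_DEFINED - 1, "value");
}

int main(void)
{
    printf("loadable: %d\n", content_is_loadable(N_DEFINED, N_SUPPLIED));
    printf("21st field lookup: %d\n", demo_21st_field());
    return 0;
}
```

    In kernel-mode code an invalid read like the unchecked one cannot be contained to a single process, which is why the checks belong both where content is loaded and where each field is accessed.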

    “We apologise unreservedly and will use the lessons learned from this incident to become more resilient and better serve our customers. To any customer still affected, please know we will not rest until all systems are restored,” CrowdStrike said on X.
