
Update Global Crowdstrike Outage


Security experts are still in the dark about the underlying causes behind the massive outage of corporate Windows systems running Crowdstrike’s Falcon security software. The circumstances under which this could happen require clarification from the manufacturer.

Millions of computers showed a blue screen last Friday, indicating that they could not boot. During the day, many organizations managed to restore their systems. They slowly became operational again. According to an estimate by Microsoft, 8.5 million devices worldwide were affected. That is less than 1 percent of all devices running Microsoft Windows. A small percentage, but with major consequences.

Sandbox

Although it is clear where it went wrong, software supplier Crowdstrike has not yet explained how a programming error in a routine update went unnoticed and slipped through the testing phase. The question is whether the correct testing procedures were followed before this widely used software was rolled out. Normally, a new piece of software is first placed in a protected environment (sandbox) to see how the code behaves.

This isolation prevents the rest of the system from being damaged or even failing altogether. The frequency with which software companies release updates can lead to testing procedures being rushed. Reuters news agency quotes several security experts on this point.

Crowdstrike reports in a blog that it is conducting a thorough root cause analysis to determine how this programming error in the logic arose. The Texas company is also looking at whether fundamental improvements or better workflow are needed to prevent such errors in the future.

The problem could grow so large so quickly because updates are distributed automatically. If an update contains a bug, all computers that are turned on or in active mode at that moment are affected.

The faulty update of the Falcon Sensor program was distributed last Friday at 04:09 local time (UTC). For 78 minutes, the error affected computers all over the world that were turned on. According to some experts, the brain of Windows, the kernel, failed, resulting in a complete crash. Computers could no longer boot.

Channel file

The updated configuration files are of the type ‘channel file’. Such updates occur multiple times per day in response to new tactics, techniques and methods of attackers. These files contain data to neutralize cyber threats. This is certainly not a new process. Crowdstrike has been using the same architecture since the launch of Falcon.

Although the channel files (in this case number 291) end with the extension .sys, Crowdstrike says they are not kernel drivers. The flaw also does not involve null bytes in a channel file, the company says. It denies that a null pointer from the memory-unsafe C++ language was the culprit.

In any case, Crowdstrike still has a lot of explaining to do to restore trust. Since Crowdstrike has many (large) corporate customers, the incorrect configuration update could lead to one of the most widespread technical disasters. It cannot be ruled out that such problems will recur in the future. Incidentally, the outage was not the result of a cyber attack.

Contingency plan

Minister David van Weel (Justice and Security) therefore advises companies to make emergency plans for when systems fail. They should also practice these plans, he writes in a letter to the House of Representatives about the problems with the Crowdstrike security software.

Due to the interconnectedness of processes in the digital ecosystem, everyone can experience the consequences of a cyber incident such as last Friday, when flights had to be cancelled en masse and banks, shops and hospitals were also affected.

The speed at which the problems were resolved varied greatly per company and per department. Because many affected machines could not boot, support teams had to come by in person. The implementation of the recovery software, which has to be done manually, takes a lot of work and time. According to the NCSC in The Hague, the Crowdstrike workaround has been effective.

Several cybersecurity organizations warned of an increase in phishing. Cybercriminals tried to take advantage of the situation by offering supposed solutions.

Tesla was one of many companies today that suffered greatly from the global computer outage caused by a flaw in the software of security firm CrowdStrike. Tesla CEO Elon Musk was shocked and did not take half measures.

Due to a problem with an update of CrowdStrike, numerous Windows systems at companies showed the dreaded Blue Screen of Death since this morning. The error in the security software had major consequences worldwide. CrowdStrike is a renowned American company that has many large companies and organizations as customers. One of the customers is Tesla, which also ran into all kinds of problems due to the malfunction.

‘Removed from all our computers’

Elon Musk is now completely done with CrowdStrike and announces that he is banning the company’s software from his companies. “We just removed CrowdStrike from all of our systems,” Musk said on X. In addition to Tesla and X, Musk is also the boss of SpaceX, Neuralink and xAI.

According to Musk, the outage gave the auto industry’s supply chain a “heart attack” today. By throwing CrowdStrike off its own systems, Musk is not completely rid of the company, he acknowledges in a subsequent post. “Unfortunately, many of our suppliers and logistics companies are still using it.”

Statement from CrowdStrike

CrowdStrike released a statement apologizing for the outage. “We understand the severity and impact of the situation. We quickly identified the issue and implemented a fix, allowing us to fully focus on restoring customer systems as our highest priority.”

The company said the outage was caused by “a defect in a Falcon update for Windows.” “This was not a cyberattack. We are working closely with affected customers and partners to ensure all systems are restored.”
