Photo: Getty Images
CrowdStrike, the cybersecurity company whose faulty update last week took down 8.5 million Windows systems worldwide and caused mayhem all across the world, has published an extremely lengthy and technical post that details what went wrong.
If this is somehow all new to you, read our feature covering the incident here.
In the post, the company said a bug in its test software failed to properly validate the update that was pushed out to systems worldwide last week. This was what caused systems to crash.
More specifically, the faulty update went undetected because CrowdStrike wrongly assumed that its testing software had properly validated the update.
It wrote:
Based on the testing performed before the initial deployment of the Template Type (on March 05, 2024), trust in the checks performed in the Content Validator, and previous successful IPC Template Instance deployments, these instances were deployed into production.
When received by the sensor and loaded into the Content Interpreter, problematic content in Channel File 291 resulted in an out-of-bounds memory read triggering an exception. This unexpected exception could not be gracefully handled, resulting in a Windows operating system crash (BSOD).
To ensure this doesn’t happen again, CrowdStrike will make its testing more rigorous. It said it would use a variety of tests including local developer testing, content update and rollback testing, stress testing, and more.
To find out in greater detail what caused the error, read the post by CrowdStrike by clicking on the link below.
Days ago, Microsoft suggested that an old agreement with the EU to give developers kernel access to Windows was also to be blamed for the outage.
Source: CrowdStrike
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.