Microsoft outage: Cybersecurity platform CrowdStrike explains what exactly went wrong for them; check details

CrowdStrike logo, Windows Crash Blue Screen of Death image (photo credit: X/@CrowdStrike, @avoid_sugar)

New Delhi, July 20: As millions of Windows computers were inaccessible for hours and services were disrupted at airlines, banks, hospitals and stock exchanges worldwide, cybersecurity platform CrowdStrike attempted to explain what actually went wrong on Saturday.

According to the company, which provides third-party security software for the Satya Nadella-led tech giant's Windows platform, it released a sensor configuration update for Windows systems on July 19 at 9:30 am (Indian time). Sensor configuration updates are an ongoing part of the Falcon platform’s protection mechanisms.

“This configuration update caused a logic error resulting in a system crash and a blue screen (BSOD) on the affected systems,” CrowdStrike said. In a technical blog, the company said the sensor configuration update that caused the system crash was fixed around 10:57 a.m. ET. “This issue is not a result of or related to a cyberattack,” the company said.

Millions of customers running Falcon Sensor for Windows version 7.11 and later that were online during that window were affected. “Systems running Falcon Sensor for Windows 7.11 and later that downloaded the updated configuration between 9:30 AM and 10:57 AM were susceptible to a system crash,” the company said.

According to CrowdStrike, this is not a new process; the architecture has been in place since Falcon's inception. The update released at 9:30 AM was designed to detect newly observed malicious named pipes used by common C2 frameworks in cyberattacks.

The configuration update caused a logic error that resulted in an operating system crash. “CrowdStrike has corrected the logic error by updating the content in Channel File 291. There are no additional changes to Channel File 291 beyond the updated logic. Falcon is still evaluating and protecting against named pipe abuse,” the company explained.
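The failure mode described above is a detection-content update that the sensor could not process safely. The following example is added here to illustrate the defensive principle involved; it is not CrowdStrike's code, and the JSON "channel file" layout (a version number plus a list of named-pipe regexes), the `Sensor` class and the sample updates are all constructed for this illustration. The point it shows is that content must be fully validated before it reaches the matching engine, and that a rejected update leaves the last-known-good content in place rather than taking the host down.

```python
"""Constructed model of a sensor applying a detection-content update safely.

The 'channel file' layout below (JSON with a version and a list of named-pipe
regexes) is invented for this example; it is not CrowdStrike's real format.
"""
import json
import re

# Constructed "last known good" content that ships with the sensor.
LAST_KNOWN_GOOD = {
    "version": 1,
    "pipe_patterns": [r"^\\\\\.\\pipe\\demo_c2_[0-9a-f]{4}$"],
}

MAX_PATTERN_LEN = 512


def validate_channel_file(raw: bytes) -> dict:
    """Parse and validate a content update, raising ValueError on any defect.

    Each check is a point where malformed content is refused before it can
    reach the matching engine; bad content must never crash the host.
    """
    try:
        doc = json.loads(raw.decode("utf-8"))
    except (UnicodeDecodeError, ValueError) as exc:  # JSONDecodeError is a ValueError
        raise ValueError(f"unparseable content: {exc}") from None
    if not isinstance(doc, dict) or not isinstance(doc.get("version"), int):
        raise ValueError("missing or invalid version")
    patterns = doc.get("pipe_patterns")
    if not isinstance(patterns, list) or not patterns:
        raise ValueError("pipe_patterns must be a non-empty list")
    for p in patterns:
        if not isinstance(p, str) or not 0 < len(p) <= MAX_PATTERN_LEN:
            raise ValueError("each pattern must be a non-empty string within the size limit")
        try:
            re.compile(p)
        except re.error as exc:
            raise ValueError(f"bad regex {p!r}: {exc}") from None
    return doc


class Sensor:
    """Minimal stand-in for a detection engine that consumes content updates."""

    def __init__(self):
        self.active = None      # content currently in use
        self.compiled = []      # compiled regexes derived from it
        self.rejected = []      # reasons for updates that were refused
        self._install(LAST_KNOWN_GOOD)

    def _install(self, doc: dict) -> None:
        # Compile first, swap second: a compile failure leaves the old state untouched.
        compiled = [re.compile(p) for p in doc["pipe_patterns"]]
        self.active, self.compiled = doc, compiled

    def apply_update(self, raw: bytes) -> bool:
        """Install a validated, newer update; on any failure keep the current content."""
        try:
            doc = validate_channel_file(raw)
            if doc["version"] <= self.active["version"]:
                raise ValueError(f"stale version {doc['version']}")
        except ValueError as exc:
            self.rejected.append(str(exc))
            return False
        self._install(doc)
        return True

    def is_suspicious_pipe(self, pipe_name: str) -> bool:
        """Return True if a named-pipe name matches any active detection pattern."""
        return any(rx.search(pipe_name) for rx in self.compiled)


# Constructed sample updates: one well-formed, one cut off mid-file, and one
# carrying a pattern that does not compile.
GOOD_UPDATE = json.dumps({
    "version": 2,
    "pipe_patterns": [
        r"^\\\\\.\\pipe\\demo_c2_[0-9a-f]{4}$",
        r"^\\\\\.\\pipe\\demo_beacon_\d+$",
    ],
}).encode("utf-8")
TRUNCATED_UPDATE = GOOD_UPDATE[: len(GOOD_UPDATE) // 2]
BAD_REGEX_UPDATE = json.dumps({"version": 3, "pipe_patterns": ["(unclosed"]}).encode("utf-8")


def run_demo() -> dict:
    """Apply the three sample updates in turn and report what the sensor did."""
    sensor = Sensor()
    results = {
        "truncated_accepted": sensor.apply_update(TRUNCATED_UPDATE),
        "bad_regex_accepted": sensor.apply_update(BAD_REGEX_UPDATE),
        "good_accepted": sensor.apply_update(GOOD_UPDATE),
    }
    results["active_version"] = sensor.active["version"]
    results["beacon_pipe_flagged"] = sensor.is_suspicious_pipe(r"\\.\pipe\demo_beacon_42")
    results["rejections"] = list(sensor.rejected)
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running the script applies the truncated and the malformed updates first, both of which are refused while version 1 stays active, and then the well-formed version 2, after which the constructed beacon pipe name is flagged. The design choice worth noting is the order of operations in `_install`: all new state is built and compiled before the swap, so a defect anywhere in the content can only ever be rejected, never half-applied.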

Systems that are not currently affected will continue to operate as expected, remain protected, and are not at risk of experiencing this issue in the future. “We understand how this issue arose and are conducting a thorough root cause analysis to determine how this logical flaw occurred. This effort will continue,” CrowdStrike said.

(The above story first appeared on LatestLY on Jul 20, 2024 12:02 PM IST.)