Security experts claimed that cybersecurity firm CrowdStrike did not go through routine checks before the update was deployed which led to a Microsoft crash and global outage on Friday.
The new version of Falcon and Sensor software was introduced to make CrowdStrike client's system more secure against hacking. However, defective code in the updated files resulted in one of the largest outages in history.
The disturbance was reported in businesses, global banks, hospitals, government offices, and airlines. CrowdStrike issued the information to fix the affected system, but to gain normalcy it will take days as needs manually weeding on faulty code.
"What it looks like is, potentially, the vetting or the sandboxing they do when they look at code, maybe somehow this file was not included in that or slipped through," said Steve Cobb, chief security officer at Security Scorecard, according to Reuters.
As soon as the update was rolled out on Friday, users saw an error on their screens which is known as "the blue screen of death" in the industry.
Patrick Wardle, a security researcher who specialises in studying threats against operating systems, identified the code as responsible for the outage. "The update's problem was in a file that contains either configuration information or signatures," he said.
"It's very common that security products update their signatures, like once a day because they're continually monitoring for new malware and because they want to make sure that their customers are protected from the latest threats. The frequency of updates is probably the reason why (CrowdStrike) did not test it as much," Wardle added.
"Ideally, this would have been rolled out to a limited pool first," said John Hammond, principal security researcher at Huntress Labs. "That is a safer approach to avoid a big mess like this."
Image Source: Unsplash
留言