CrowdStrike apologises to US government for global mega-outage

Apologizing in front of a United States government committee, a senior CrowdStrike executive expressed regret for the 19 July outage that caused IT systems worldwide to crash and display the blue-screen-of-death after the company pushed a faulty update live.

The incident began when CrowdStrike issued an update to its Falcon threat detection platform, but a bug in its automated content validator tool caused the deployment of a template containing “problematic” content data. This resulted in an out-of-bound memory condition, causing Windows computers receiving the update to enter a boot loop, restarting without warning during the startup process and leaving them unable to complete a boot cycle.

This chaos affected 8.5 million computers and various organizations globally, with a significant impact on the transport and aviation sectors. Adam Meyers, CrowdStrike’s senior vice president for counter adversary operations, issued a public apology for the mishap and assured that steps are being taken to prevent such incidents in the future.

Meyers emphasized that the outage was not a cyber attack from foreign threat actors but was caused by a CrowdStrike rapid response content update. Measures have been implemented to prevent a recurrence, with approximately 99% of Windows sensors back online as of 29 July.

In response to questions from US politicians, Meyers detailed the nature of the problem and the steps taken to prevent a similar incident. He defended CrowdStrike’s need to access the Microsoft kernel, highlighting its importance for performance, visibility, threat prevention, and anti-tampering in cyber security applications.