A CrowdStrike update released on July 19, 2024, led to widespread system crashes that affected millions of businesses worldwide. Among these businesses were airlines, banks, and even media companies, and the crashes resulted in service delays and business and financial losses. IT consultant NYC shares a recent statement from CrowdStrike explaining the reason for the system outage.
The incident that brought businesses to a halt in the middle of July 2024 is known as the “Channel File 291” incident. The outage came from a glitch in an update to the company’s Falcon Sensor software. Reportedly, it was caused by an error in the content validation linked to a new Template Type. This content was supposedly aimed at detecting advanced attack techniques involving Windows interprocess communication (IPC).
According to CrowdStrike, the root issue was a mismatch in the number of input parameters expected by CrowdStrike’s Content Validator and Content Interpreter. Specifically, the update introduced a 21st input parameter, but the Content Interpreter was only prepared to handle 20. Unfortunately, the oversight was not detected and slipped through the cracks during testing. As such, it became a critical discrepancy.
IT consultant NYC reports that CrowdStrike explained the matter further. The issue happened in the Content Interpreter, the program that executes instructions written in a high-level language by the programmer, which was only expecting 20 inputs. However, a 21st input was erroneously present during the IPC, or interprocess communication, notifications. Because of the mismatch, the system tried to read past the bounds of its memory, leading to the crash.
To resolve the issue, IT consultant NYC said that CrowdStrike has updated its processes. Reportedly, the company has added checks to ensure the number of input fields matches expectations and introduced runtime validations to prevent out-of-bounds memory reads. Furthermore, it has updated the Content Validator to prevent similar issues by limiting wildcard criteria in the 21st field.
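The mismatch and the two kinds of fix described above can be modeled in a few lines of C. This is an added example, not CrowdStrike's code: the structure layout, the function names, the sample values, and the assumption that a wildcard criterion matches without reading its input are all hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define TEMPLATE_FIELDS 21   /* fields the template type defines */
#define SUPPLIED_INPUTS 20   /* values the interpreter is actually given */

/* Hypothetical layout: one matching criterion per field; "*" is a wildcard
 * and is assumed to match without reading the corresponding input. */
typedef struct { const char *criteria[TEMPLATE_FIELDS]; } template_instance;

static int is_wildcard(const char *c) { return c == NULL || strcmp(c, "*") == 0; }

/* Validator-side check: reject content whose non-wildcard criteria refer
 * to fields beyond the number of inputs the interpreter will receive. */
int validate_instance(const template_instance *t, size_t supplied) {
    for (size_t i = supplied; i < TEMPLATE_FIELDS; i++)
        if (!is_wildcard(t->criteria[i])) return 0;
    return 1;
}

/* Interpreter-side check: 1 = match, 0 = no match, -1 = the content needs
 * an input that was not supplied. It never indexes past n_inputs. */
int match_instance(const template_instance *t,
                   const char *const *inputs, size_t n_inputs) {
    for (size_t i = 0; i < TEMPLATE_FIELDS; i++) {
        if (is_wildcard(t->criteria[i])) continue;
        if (i >= n_inputs) return -1;          /* runtime bounds check */
        if (inputs[i] == NULL || strcmp(inputs[i], t->criteria[i]) != 0) return 0;
    }
    return 1;
}

/* Constructed sample: all-wildcard instance with one criterion set at
 * zero-based index idx, matched against 20 inputs that all read "svc". */
static template_instance make_instance(size_t idx, const char *crit) {
    template_instance t;
    for (size_t i = 0; i < TEMPLATE_FIELDS; i++) t.criteria[i] = "*";
    if (idx < TEMPLATE_FIELDS) t.criteria[idx] = crit;
    return t;
}
int demo_validate(size_t idx, const char *crit) {
    template_instance t = make_instance(idx, crit);
    return validate_instance(&t, SUPPLIED_INPUTS);
}
int demo_match(size_t idx, const char *crit) {
    const char *inputs[SUPPLIED_INPUTS];
    for (size_t i = 0; i < SUPPLIED_INPUTS; i++) inputs[i] = "svc";
    template_instance t = make_instance(idx, crit);
    return match_instance(&t, inputs, SUPPLIED_INPUTS);
}
int main(void) { return demo_match(20, "svc") == -1 ? 0 : 1; }
```

With a non-wildcard criterion in the 21st field (index 20), the validator rejects the content and the interpreter returns an error instead of reading a 21st input that does not exist.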
CrowdStrike is also improving its testing protocols to ensure that all potential scenarios, including non-wildcard matching criteria, are covered. In addition to deployment checks, the Content Configuration System, software that helps in creating, managing, modifying and storing digital content, now includes new testing procedures. Moreover, CrowdStrike has enhanced the Falcon platform to provide customers with better control over Rapid Response Content delivery.
IT consultant NYC says that CrowdStrike reports it is taking further steps by engaging two independent security firms. These firms are to review the Falcon sensor code and the company’s quality assurance process. In the same vein, CrowdStrike is also working with Microsoft to integrate new security features into Windows, emphasizing that its kernel driver plays an important role in early malware detection and defense.
As mentioned above, the airline industry was among those hit hardest by the crashes. Delta Air Lines announced that it will seek compensation from CrowdStrike and Microsoft. The airline said that it incurred about $500 million in losses from thousands of canceled flights caused by the security update. In response, CrowdStrike and Microsoft suggested that Delta’s issues might be more complex than just the software update. It is also worth noting that Delta had declined offers of on-site assistance.
On top of these issues, IT consultant NYC noted that CrowdStrike has refuted claims from a Chinese security firm called Qihoo 360. The firm suggested that the sensor bug could be exploited for privilege escalation and remote code execution. However, CrowdStrike clarified that although the bug was important, its security measures keep the bug from being used to gain control over memory or program execution.
For businesses grappling with such technical challenges, IT consultant NYC firms such as EBSolution can be invaluable. Our expert IT, cybersecurity, and business recovery professionals can help you keep your business safe from attacks. We can also create a system that lets your business continue its services and operations in the event of major system crashes. Get in touch with us today and strengthen your company’s cyber resiliency.