Broadcast United

CrowdStrike update that caused global outages may have skipped checks, experts say

Broadcast United News Desk


“It looks like this may have been a review or sandboxing thing that they were doing when they were reviewing the code, and maybe this file was somehow not included or it slipped through,” said Steve Cobb, chief security officer at Security Scorecard, which also had some systems affected by the issue.

The problem came to light soon after the update was released on Friday, with users posting pictures on social media of computers with blue screens displaying error messages – known in the industry as the “blue screen of death”.

Patrick Wardle, a security researcher who specializes in threats to operating systems, said his analysis identified the code that caused the outage.

He said the problem with the update “lies in a file that contains configuration information, or signatures.” Signatures are code that detects specific types of malicious code, or malware.

“It’s common for security products to update their signatures, say, once a day … because they’re constantly monitoring for new malware and want to ensure their customers are protected from the latest threats,” he said.

The frequency of updates “is probably why CrowdStrike hasn’t done a lot of testing,” he said.

It’s unclear how the buggy code made its way into the update and why it wasn’t discovered before it was released to customers.

“Ideally, this technology should be rolled out in a limited way first,” said John Hammond, chief security researcher at Huntress Labs. “That’s a safer approach and avoids a big mess like this.”

Other security companies have faced similar situations in the past. In 2010, a flaw in McAfee’s antivirus update crippled hundreds of thousands of computers.

But the outage’s global impact reflects CrowdStrike’s dominance. More than half of Fortune 500 companies and many government agencies, such as the Cybersecurity and Infrastructure Security Agency, the top U.S. cybersecurity agency, use the company’s software.
