CrowdStrike’s software upgrade, which resulted in computer crashes worldwide last week affecting the operations of airports, banks, and hospitals, among others, was caused by an error in the American cybersecurity company’s quality control mechanism, the company said today.
The IT systems failure last Friday occurred because CrowdStrike’s Falcon sensor, an advanced platform that protects systems from malware and hackers, contained a bug that led to the computers running Microsoft’s Windows operating system crashing and displaying the “Blue Screen of Death.”
“Due to an error in the Content Controller, one of the two Template Instances passed verification despite containing problematic content data,” CrowdStrike said in a statement, referring to the malfunction of an internal quality control system that allowed problematic data to bypass the company’s own security checks.
CrowdStrike did not specify what this content data was or why it was problematic. The “Template Instance” is a set of instructions that guides the software on which threats to look for and how to respond. CrowdStrike stated it has added a “new check” to its quality control process in an effort to prevent a recurrence of the incident.
The extent of the damage caused by the defective upgrade is still being assessed. On Saturday, July 20, Microsoft reported that approximately 8.5 million machines running Windows were affected, and the House Homeland Security Committee sent a letter to CrowdStrike’s CEO George Kurtz, requesting him to testify before the committee.
CrowdStrike released information for repairing the affected systems last week, but experts said that restoring them would take time as it requires manual removal of the faulty code.
Today’s announcement aligns with a broader assessment by cybersecurity experts who believe that something in CrowdStrike’s quality control process went very wrong.