CrowdStrike | Update glitch caused global outage

CrowdStrike says a glitch in an update that allowed its cybersecurity systems to transmit erroneous data to millions of customer computers triggered last week’s global technology outage that grounded planes, interrupted television broadcasts and disrupted banks, hospitals and retailers.


CrowdStrike also outlined steps it is taking to prevent the issue from recurring, including staggering the rollout of updates, giving customers more control over when and where they occur, and providing more details about planned updates.

The company posted details online Wednesday of its “preliminary post-incident review” of the outage, which has wreaked havoc for the many businesses that pay for the cybersecurity firm’s software.

The problem involved an “undetected error” in updating the content configuration of its Falcon platform that affected machines running the Windows operating system, the Texas-based company said.

A failure in the content validation system allowed “problematic content data” to be deployed to CrowdStrike customers. This triggered an “unexpected exception,” which caused the Windows operating system to crash, the company said.

As part of the new prevention measures, CrowdStrike said it was also strengthening internal testing and implementing a “new control” to prevent “this type of problematic content” from being deployed again.

CrowdStrike said a “significant number” of the roughly 8.5 million computers that crashed Friday are back up and running, as customers and regulators await a more detailed explanation of what went wrong.

CrowdStrike said it will publicly release its full analysis of the incident once its investigation is complete.

The outage sparked days of widespread technological chaos, highlighted how much the world depends on a few key IT service providers and drew the attention of regulators who want more details about what went wrong.

