CrowdStrike: 'Undetected Error' in Binary File Caused Massive Windows Crash

(Credit: Lea Rae/Shutterstock.com)

Days after a faulty update took down an estimated 8.5 million Windows computers, CrowdStrike, the cybersecurity firm that caused the crash, has shared more information about what happened.

In its initial post-incident review published Wednesday, CrowdStrike says a bug in its validation systems allowed some "problematic content data" to bypass existing checks. The data was in what CrowdStrike calls a "Rapid Response Content" update, which is stored in a binary file and therefore is not code or a kernel driver.

"Problematic content in Channel File 291 resulted in an out-of-bounds memory read triggering an exception. This unexpected exception could not be gracefully handled, resulting in a Windows operating system crash (BSOD)," the company explains.

The update that caused the massive Windows outage was tested back in March and deployed months later on July 19. Any company using CrowdStrike's services with Windows computers connected to the internet with sensor version 7.11 or newer at the time the update was pushed was impacted, CrowdStrike confirmed in the post.

Numerous businesses, government offices, and institutions were immediately debilitated by the faulty update. Airlines delayed or cancelled tens of thousands of flights worldwide, some credit card payments were unable to fully process, packages were delayed, and US Social Security and drivers' services offices were unable to help customers.

Atlanta-based Delta Air Lines is still facing substantial challenges in the wake of the CrowdStrike Windows crash, sparking a federal investigation. Rumors that Southwest Airlines' systems remained operational because it supposedly uses an ancient version of Windows are false and have not been confirmed by Southwest (Southwest and Alaska don't use CrowdStrike, ABC reports). Southwest declined to comment because its earnings call will occur on Thursday.

CrowdStrike says its faulty update was intended to help it collect data on "possible novel threat techniques" to prevent devastating cyberattacks. Ironically, it's now added this very update to its "known-bad list" to prevent future crashes.

About Our Expert

Kate Irwin

Reporter

I’m a reporter for PCMag covering tech news early in the morning. Prior to joining PCMag, I was a producer and reporter at Decrypt and launched its gaming vertical, GG. I have previously written for Input, Game Rant, Dot Esports, and other places, covering a range of gaming, tech, crypto, and entertainment news.

I’ve been a PC gamer since The Sims (yes, the original) in the CD-ROM days. I still think about my first-gen pink iPod mini, which, looking back, was not so mini. In 2020, I finally built my own custom Windows PC for gaming with a 3090 graphics card, but I also regularly use Mac and iOS devices. As a reporter, I’m passionate about documenting the wide world of tech and how it affects our daily lives.

My Areas of Expertise

Microsoft
Google
Artificial intelligence
Cybersecurity
Video games are a big one. I specialize in shooters (Apex Legends, Fortnite, Overwatch) but I occasionally test out other genres as well, especially indie games or cozy games (The Sims series, Animal Crossing).
The business and tech that powers video games
Cryptocurrency and blockchain technology
Social media platforms, including Meta’s apps, X/Twitter, Telegram, TikTok, etc.
Tech regulation

The Technology I Use

MSI gaming laptops
Nvidia graphics cards
AMD CPUs
MacBook Pro and Air laptops
An iPhone from 2019 (though I’m thinking about getting a “dumb phone” like the Light Phone)
Nintendo Switch
PlayStation 5
Freewrite Traveler
At home: Sonos speakers (we have them all over the house), Philips Hue + Ring security products

Read the latest from Kate Irwin

Read full bio