Subj : CrowdStrike hires outside help to track down cause of global outa To : All From : TechnologyDaily Date : Wed Aug 07 2024 20:45:04 CrowdStrike hires outside help to track down cause of global outages as it reveals first findings Date: Wed, 07 Aug 2024 19:40:27 +0000 Description: Despite hiring two separate firms to uncover the reason why millions of Windows computers crashed - Crowdstrike thinks it already has a good answer. FULL STORY ====================================================================== As CrowdStrike and its enterprise customers recover from the recent outage catastrophe , and it already being public knowledge that a pushed update caused the problem , the company has hired two security firms to look further into the issue. The external code review was announced in a root causes analysis ( PDF ), while it was already known in the course of a post-incident review that a system designed to validate content (a Content Validator) failed to kick in, allowing a faultyIPS Template Instance intended to detect attacks to validate, causing crashes due to out-of-bounds memory reads. CrowdStrike has announced it intends to mitigate similar broken update disruption in the future by staggering template deployment across devices, and that its content validator now has runtime bounds, preventing the same kind of memory issues from happening. It also intends to perform more internal testing, but only time will tell if this will have much material impact. CrowdStruck (with a corporate lawsuit) Even if you arent completely sure what a content validator is or how exactly memory reads can go above their station, you can probably imagine that a phased update rollout system sounds like a good idea for a company with software installed on millions of Windows PCs . CrowdStrikes shareholders have been thinking along the same lines, and have already filed a class-action lawsuit against the company for failing to implement such a system. Delta, meanwhile, are suing on the basis of lost revenue over a six-day period - which CrowdStrike say, perhaps with good reason, is Deltas fault, actually, Then again, it also said, about the shareholders case, that it believes the case lacks merit, and its hard to argue that one given that the implementation, or lack thereof, of a rolling patch system, lies entirely at CrowdStrikes feet. Via The Register More from TechRadar Pro CrowdStrike outlines just what went wrong with its update as many systems around the world are now back up We've rounded up the best endpoint security software around ====================================================================== Link to news story: https://www.techradar.com/pro/crowdstrike-hires-outside-help-to-track-down-cau se-of-global-outages-as-it-reveals-first-findings --- Mystic BBS v1.12 A47 (Linux/64) * Origin: tqwNet Technology News (1337:1/100) .