Cybersecurity firm CrowdStrike has now posted the final Root Cause Analysis (RCA) report about the faulty update for its services that was released on July 19. The botched update ended up bringing down millions of Windows PCs worldwide and causing a lot of issues for people and companies for a number of days afterward.
In the report posted on the company's Falcon Content Remediation and Guidance site, CrowdStrike offered a quick summary of what happened. It began in February, when the company stated it added a "new sensor capability to enable visibility into possible novel attack techniques that may abuse certain Windows mechanisms."
The company released successful updates during the year until July. CrowdStrike stated:
On July 19, 2024, a Rapid Response Content update was delivered to certain Windows hosts, evolving the new capability first released in February 2024. The sensor expected 20 input fields, while the update provided 21 input fields. In this instance, the mismatch resulted in an out-of-bounds memory read, causing a system crash. Our analysis, together with a third-party review, confirmed this bug is not exploitable by a threat actor.
The full report goes into far more detail on what CrowdStrike stated happened with the update. It also reveals how the company is fixing the issue. In a separate part of the review, the company's CEO, George Kurtz, said that as of July 29, 99% of Windows sensors were back online. He added:
We are deeply sorry for the impact this had on you. Nothing is more important than regaining your trust and confidence. Since our founding, we have always put customer protection at the forefront. This has been our North Star, and it continues to be our focus every single day.
The report also offers CrowdStrike's plans for keeping something like this from happening again. They include updating its Content Configuration System test procedures and adding more deployment layers and acceptance checks for that system. It will also give its customers more control over how these updates are deployed on their Windows PCs.
CrowdStrike will be hiring "two independent third-party software security vendors" that will look into its sensor code, along with its quality control and update plans. There's no word on when these inspections will be completed.