CrowdStrike reveals ‘root cause’ of global Microsoft meltdown
Company says outage caused by single sensor error
CrowdStrike, the cybersecurity company at the centre of last month’s Microsoft meltdown, has claimed that a single sensor error led to the worldwide outage.
More than eight million Microsoft users reported on 19 July that their computers wouldn’t turn on, with monitors showing the “blue screen of death”.
The outage caused widespread chaos as television stations went offline, air travel was disrupted and hospitals were forced to cancel appointments.
In a preliminary report soon after, CrowdStrike claimed the outage was caused by a faulty update to its Falcon sensor.
The Falcon platform has wide access to computers, sitting at the kernel level of the Windows operating system, and is supposed to analyse a range of sensors to protect systems from malicious software and hackers. It works by examining a range of indicators in a computer to check for signs of suspicious activity.
Now, in a more comprehensive Root Cause Analysis, CrowdStrike claimed the meltdown was caused by just one undetected sensor. It calls the bug the “Channel 291 incident”.
CrowdStrike changes the location or the number of sensors it checks for potential attacks when it updates the Falcon system.
When the faulty update was rolled out on 19 July, Falcon expected the system to have 20 input fields, but it had 21 instead.
This “count mismatch” flooded the memory of systems and led to the global Microsoft crash.
“The content interpreter expected only 20 values,” the report explains, meaning the bug sent computers into a tailspin trying to look for the source of the extra data that simply wasn’t there.
“Therefore, the attempt to access the 21st value produced an out-of-bounds memory read beyond the end of the input data array and resulted in a system crash.”
Since Falcon is closely knit with Windows, its crash brought down the entire system.
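The count mismatch the report describes, shown as an added C example that is not CrowdStrike's code or part of the original article. The interpreter, `struct rule`, the function names and the sample values are all hypothetical; the point is that every field index a rule refers to is checked against the 20 values actually supplied, so a rule asking for the 21st value is rejected instead of being read out of bounds.

```c
#include <stddef.h>
#include <stdio.h>

#define SUPPLIED_INPUTS 20   /* values actually handed to the interpreter */
#define RULE_REJECTED  (-1)

/* Hypothetical content rule: the zero-based input fields it inspects. */
struct rule {
    size_t n_fields;
    size_t fields[4];
};

/* Count the non-empty fields a rule refers to. Any rule that points past
 * the end of the supplied array is refused before a single read happens. */
int evaluate_rule(const struct rule *r, const char *const *inputs, size_t n_inputs)
{
    size_t i;
    int hits = 0;

    if (r->n_fields > sizeof r->fields / sizeof r->fields[0])
        return RULE_REJECTED;
    for (i = 0; i < r->n_fields; i++)
        if (r->fields[i] >= n_inputs)   /* index 20 is the 21st value */
            return RULE_REJECTED;
    for (i = 0; i < r->n_fields; i++)
        if (inputs[r->fields[i]][0] != '\0')
            hits++;
    return hits;
}

/* Constructed sample data: 20 placeholder values, not real sensor input. */
static const char *const sample_inputs[SUPPLIED_INPUTS] = {
    "v1", "v2", "v3", "v4", "v5", "v6", "v7", "v8", "v9", "v10",
    "v11", "v12", "v13", "v14", "v15", "v16", "v17", "v18", "v19", "v20"
};

int run_rule_within_bounds(void)        /* reads the 1st and 20th values */
{
    struct rule r = { 2, { 0, 19 } };
    return evaluate_rule(&r, sample_inputs, SUPPLIED_INPUTS);
}

int run_rule_using_21st_value(void)     /* asks for a value that was never supplied */
{
    struct rule r = { 1, { 20 } };
    return evaluate_rule(&r, sample_inputs, SUPPLIED_INPUTS);
}

int main(void)
{
    printf("in bounds: %d\n", run_rule_within_bounds());
    printf("21st value: %d\n", run_rule_using_21st_value());
    return 0;
}
```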
“We apologise unreservedly and will use the lessons learned from this incident to become more resilient and better serve our customers. To any customer still affected, please know we will not rest until all systems are restored,” CrowdStrike said on X.