CrowdStrike is blaming a bug in an update that allowed its cybersecurity systems to push bad data out to millions of customer computers, setting off a global tech outage that grounded flights, took TV broadcasts off air and disrupted banks, hospitals and retailers.
The company promised to take measures in the future to prevent similar outages, including staggering the rollout of updates, giving customers more control over when and where they occur, and providing more details about the updates that it plans.
CrowdStrike on Wednesday posted details online from its “preliminary post incident review” of the outage, which caused chaos for the many businesses that pay for the cybersecurity firm’s software services.
The problem involved an “undetected error” in the content configuration update for its Falcon platform affecting Windows machines, the Texas company said.
A bug in the content validation system allowed “problematic content data” to be deployed to CrowdStrike’s customers.
That triggered an “unexpected exception” that caused a Windows operating system crash, the company said.
CrowdStrike has said a “significant number” of the 8.5 million computers that crashed on Friday, causing global disruptions, were back in operation as customers and regulators await a more detailed explanation of what went wrong.
Once its investigation is complete, CrowdStrike said it would publicly release its full analysis of the meltdown.
The outage caused days of widespread technological havoc, highlighted how much of the world depends on a few key providers of computing services and drawn the attention of regulators who want more details on what went wrong.