As CrowdStrike and its enterprise customers recover from the recent power outage disaster (and it is already common knowledge that a pushed update caused the problem), the company has hired two security firms to further investigate the matter.
The external code review was announced in a root cause analysis (PDF). It was already known from a post-incident evaluation that a system designed to validate content (a “Content Validator”) failed, allowing a faulty IPS Template Instance intended to detect attacks to pass validation anyway, which caused crashes due to out-of-bounds memory reads.
CrowdStrike has announced that it hopes to limit similar disruptions from broken updates in the future by staggering the deployment of templates across devices, and that its content validator now has runtime boundaries that prevent the same type of memory issues from occurring. It also plans to conduct more internal testing, but only time will tell whether this will have much of a material impact.
CrowdStruck (with a lawsuit from the company)
Even if you’re not entirely sure what a content validator is or how exactly memory reads can go out of bounds, you can probably imagine that a phased update rollout system seems like a good idea for a software company installed on millions of Windows PCs.
CrowdStrike shareholders have already thought about it and have already filed a class action lawsuit against the company for failing to implement such a system. Delta has since sued on the basis of loss of income over a period of six days, which CrowdStrike, perhaps with good reason, says is actually Delta’s fault.
On the other hand, it also said, regarding the shareholder lawsuit, that it believed the case had “no merit,” which is a hard argument to make given that the implementation, or lack thereof, of a rolling patch system lies entirely with CrowdStrike.
Via The Register