CrowdStrike reveals ‘root cause’ of global Microsoft meltdown

Company says outage caused by single sensor error

Vishwam Sankaran
Wednesday 07 August 2024 12:19 BST

CrowdStrike, the cybersecurity company at the centre of last month’s Microsoft meltdown, has claimed that a single sensor error led to the worldwide outage.

More than eight million Microsoft users reported on 19 July that their computers wouldn’t turn on, with monitors showing the “blue screen of death”.

The outage caused widespread chaos as television stations went offline, air travel was disrupted and hospitals were forced to cancel appointments.

In a preliminary report soon after, CrowdStrike claimed the outage was caused by a faulty update to its Falcon sensor.

The Falcon platform has wide access to computers, sitting at the kernel level of the Windows operating system, and is designed to analyse a range of sensors to protect systems from malicious software and hackers. It works by examining a range of indicators on a computer for signs of suspicious activity.

Now, in a more comprehensive Root Cause Analysis, CrowdStrike claims the meltdown was caused by just one undetected sensor error. It refers to the bug as the “Channel 291 incident”.

When CrowdStrike updates the Falcon system, it can change the location or the number of sensors it checks for potential attacks.

The global Microsoft outage stranded passengers at many airports (AP)

When the faulty update was rolled out on 19 July, Falcon expected the system to have 20 input fields, but it had 21 instead.

This “count mismatch” flooded the memory of systems and led to the global Microsoft crash.


“The content interpreter expected only 20 values,” the report explains, meaning the bug sent computers into a tailspin as they looked for extra data that simply wasn’t there.

“Therefore, the attempt to access the 21st value produced an out-of-bounds memory read beyond the end of the input data array and resulted in a system crash.”
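To make the count mismatch concrete, here is an added illustration in C (hypothetical code, not CrowdStrike’s own): an interpreter built for 20 fields is handed a rule that declares 21 and asks for the 21st, shown first as an unchecked read and then as a version that validates the update before indexing. The struct and function names are assumptions.

```c
/* Hypothetical model of the "count mismatch": NOT CrowdStrike's code.
 * A content rule declares how many input fields it uses and which one a
 * matcher inspects; the interpreter only has room for 20 fields. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define INTERPRETER_FIELDS 20   /* what the interpreter was built to handle */

struct rule {
    size_t declared_fields;   /* 21 in the bad update */
    size_t field_index;       /* 20 means "the 21st field" */
};

/* Vulnerable interpreter: trusts the rule and indexes a 20-element array
 * with no check, so index 20 reads past the end of the input data. */
int64_t interpret_unchecked(const struct rule *r, const int64_t *fields) {
    return fields[r->field_index];   /* out-of-bounds read when index >= 20 */
}

/* Hardened interpreter: reject a rule whose layout exceeds the interpreter's
 * capacity and bounds-check the access. Returns 0 on success, -1 if the rule
 * must be skipped instead of crashing the system. */
int interpret_checked(const struct rule *r, const int64_t *fields, int64_t *out) {
    if (r->declared_fields > INTERPRETER_FIELDS) return -1;  /* count mismatch */
    if (r->field_index >= r->declared_fields) return -1;     /* index past layout */
    *out = fields[r->field_index];
    return 0;
}

/* Validate a whole content update before any rule reaches the interpreter.
 * Returns the index of the first offending rule, or -1 if all rules fit. */
int validate_update(const struct rule *rules, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (rules[i].declared_fields > INTERPRETER_FIELDS ||
            rules[i].field_index >= rules[i].declared_fields)
            return (int)i;
    }
    return -1;
}

/* Constructed sample update: rule 0 fits, rule 1 declares 21 fields and
 * asks for the 21st, mirroring the 20-versus-21 mismatch described above. */
static const struct rule SAMPLE_UPDATE[2] = { {20, 19}, {21, 20} };
int first_bad_rule_in_sample(void) { return validate_update(SAMPLE_UPDATE, 2); }

int main(void) {
    printf("first rejected rule: %d\n", first_bad_rule_in_sample());  /* 1 */
    return 0;  /* interpret_unchecked(&SAMPLE_UPDATE[1], ...) is never called */
}
```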

Times Square billboards in New York go blank due to the global Windows outage (Getty)

Since Falcon is closely knit with Windows, its crash brought down the entire system.

“We apologise unreservedly and will use the lessons learned from this incident to become more resilient and better serve our customers. To any customer still affected, please know we will not rest until all systems are restored,” CrowdStrike said on X.
