CrowdStrike Releases the Root Cause Analysis (RCA)

preview_player
Показать описание
Cyber Security News
Root Cause Analysis — Channel File 291
  1. Knee Payne ◎
  2. cyber security
  3. information technology
  4. crowdstrike
  5. endpoint
  6. news
Рекомендации по теме
CrowdStrike Releases the 0:06:39

CrowdStrike Releases the Root Cause Analysis (RCA)

IT WAS A 0:51:21

IT WAS A REGEX?!? - Full CrowdStrike Report Released

Real men test 0:05:57

Real men test in production… The truth about the CrowdStrike disaster

Why blame Microsoft? 0:00:51

Why blame Microsoft? Here's the actual root cause of the CrowdStrike Outage

CrowdStrike Outage Explained 0:10:53

CrowdStrike Outage Explained by Keith Barker CCIE

🚨 CrowdStrike Root 0:18:44

🚨 CrowdStrike Root Cause Released, Microsoft Hits Back, Remote Wipe Devices, Interpol Recovery

CrowdStrike Outage Root 0:01:00

CrowdStrike Outage Root Cause Analysis

CrowdStrike IT Outage 0:13:40

CrowdStrike IT Outage Explained by a Windows Developer

CrowdStrike Root Cause 0:06:49

CrowdStrike Root Cause Doc: Breakdown of Lessons Learned

Crowdstrike Root Cause 0:07:08

Crowdstrike Root Cause Analysis Overview

CrowdStrike Outage Root 0:02:32

CrowdStrike Outage Root Cause Analysis

What is CrowdStrike 0:03:09

What is CrowdStrike and why was there a Microsoft outage?

The CrowdStrike Problem 0:13:04

The CrowdStrike Problem Isn’t A Simple Fix…

CrowdStrike CEO: ‘We 0:05:17

CrowdStrike CEO: ‘We know what the issue is’ and are resolving it

CrowdStrike, Microsoft outage 0:03:56

CrowdStrike, Microsoft outage explained

CrowdStrike founder and 0:00:32

CrowdStrike founder and CEO apologizes for worldwide computer outages

Microsoft outage cause 0:05:06

Microsoft outage cause Explained | Why it happened, What is the reason, BSOD | What is CrowdStrike

CrowdStrike Disaster: Causes, 0:16:19

CrowdStrike Disaster: Causes, Impact, and How to Prevent Future Outages

The CrowdStrike Crisis 0:18:50

The CrowdStrike Crisis Proves The Software Industry MUST CHANGE

Inside the Crowdstrike 0:05:03

Inside the Crowdstrike Root Cause Analysis

Lesson from Microsoft 0:00:56

Lesson from Microsoft Outage | Crowdstrike Cybersecurity

Finally CrowdStrike explained 0:04:30

Finally CrowdStrike explained what actually happened!! #crowdstrike #yt

Crowdstrike Windows Update 0:08:30

Crowdstrike Windows Update Causes Major Computer Outages Worldwide

Network Admin Life 0:17:09

Network Admin Life - CrowdStrike Root Cause Analysis

Комментарии
Автор

If I am understating this correctly, it was a very deterministic error: if you install the channel file, you get the error 100% of the time. So the incident could have been avoided by just installing the update on one test machine before releasing it to the "valued customers". Code inspection and "synthetic" testing are great for detecting errors before you deploy code, but you still have to do testing in actual conditions on a limited scale before pushing an update to thousands of systems.

DQSoft
Автор

- The error first accrued when a mismatch happened between what was validated (21 inputs) and what was provided after the validation (only 20 inputs).
- The testing face of a non-wildcard passed (Undetected). It was introduced in July 19, 2024.
We can safely say It was a faulty testing process and a miss communication between "Content Validator" and "Content Interpreter"
which made input 21 in an "out-of-bounds" state.
I would say this thou:
Thank you CrowdStrike for releasing the RCA soon and in depth, it told me that you have the professional skills that is needed to solve problems, but, it is clearly a mismanagement problem that could have been avoided with a close inspections. Give your skilled developers time and let them check all of your systems manually. Don't rush updates and always ask "What we missed?" and double check.

Aksel_
Автор

All I can say is they should have caught this. I worked in software dev and testing for a major telephone carrier before I retired and that environment is even more critical than CloudStrike. We had to prove our test suite was as bulletproof as humanly possible. One set of testing was done and sourced from our call center. These techs basically had no training on what they were testing and we wanted it this way (by the way, this wasn't the only testing gate). If something was going to break, these techs could do it. Not on purpose, of course. If a piece of software required any external touching, reading, writing of ANY file, you were expected to come up with a way to break it, then test for that later 14 ways from Sunday, to borrow a phrase. Sorry, I'm ranting a bit, but an outage like this was preventable, IMO.

parrottm
Автор

Microsoft has stated that some of the issues are old system that should have been updated year ago. So makes sense some companies will still be dealing with this.

alexcardosa
Автор

Weird, I have had daily updates from Crowdstrike

drussthelegend
Автор

I suppose the big question most folks have after this debacle is: can they be trusted that this won't happen again? I... probably wouldn't bet on it.

Aikurisu
Автор

I still don't understand the part where the development and testing phase didn't detect the mismatch. If the content interpreter expected 21 and the sensor was only supplying 20, the wildcard pattern matcher wouldn't magically create a 21st field. Shouldn't it have crashed then too? Or did the wildcard match something in the sensor data and mark that as the 21st field which when it changed to a non wildcard pattern didn't match anything and then led to OOB access ?

zoso
Автор

All these companies including the one I work for should not be using Crowdstrike, or all running the same AV/firewall software in general, the very idea of it just sounds like a disaster waiting to happen, and when it happens as it did, it will affect a large majority running the same tool.
This is what happens when business/corporations go cheap and all relay on the same service.

vhnetwork
Автор

Looks like they're taking a modicum of accountability.

applejuicecity
Автор

Do their little white lies and subtle credit hogging for any minor role in rectifying their own mistake make you feel better?
Alongside your own constructive criticism and support, of course. A little complimentary misdirection is key in selling sincerety and hedging some of the public criticism leading up to the court case. :/

Crazy that a mismatch in the number of data points snowballs into ultimately nobody getting any at all...?

TriggerJim
Автор

The real question is why only a handful of company's control the space, kind of scary when one player has so much control.
If one day MS has the same problem, it's going to be a nightmare.
Well we kind of had the same problem in the early W10 days~

liaminwales