As CrowdStrike and its enterprise customers recover from the recent blackout catastrophe, and with it already public knowledge that a pushed update caused the problem, the company has hired two security firms to investigate the matter further.
The external code review was announced in a root cause analysis (PDF). It was already known from a post-incident review that a system designed to validate content (a "Content Validator") failed to activate, allowing a faulty IPS template instance intended to detect attacks to pass validation, which caused crashes due to out-of-bounds memory reads.
CrowdStrike has announced that it intends to mitigate similar update issues in the future by staggering the rollout of templates across all devices, and that its content validator now has runtime limits, preventing the same memory issues from occurring. It also intends to conduct further internal testing, but only time will tell if this will have a significant impact.
CrowdStruck (with a corporate lawsuit)
Even if you're not entirely sure what a content validator is or how exactly memory reads can go out of bounds, you can probably imagine that a phased update rollout system sounds like a good idea for a company with software installed on millions of Windows PCs.
CrowdStrike shareholders have been thinking along the same lines and have already… filed a class action lawsuit against the company for not implementing such a system. Delta, for its part, is suing on the basis of loss of income over a six-day period – which CrowdStrike says, perhaps rightly, is Delta's fault, actually.
On the other hand, the company also said, regarding the shareholders' case, that it believes the case “lacks merit,” and it's hard to argue that, given that the implementation, or lack thereof, of a continuous patching system falls entirely on CrowdStrike.
Via The Register