CrowdStrike’s Bug Fix: What You Need to Know About the Latest Update


We’re back with the latest on the CrowdStrike issue. CrowdStrike recently released an elaborate 12-page report titled the Channel File 291 Incident Root Cause Analysis. Today we’re breaking down this technical document into simple terms, starting with a quick rundown of events.

On July 19, 2024, CrowdStrike discovered a bug in their security software that caused Windows to crash. This impacted everything from airlines to banks to healthcare systems in many countries. Again, it wasn’t a cyberattack: it was the software trying to read more information from memory than it should have. For insights on how Molaprise can assist with these issues, check our previous blog!


Bug Details 

Imagine trying to grab 21 pieces of data when there are only 20 pieces available – that’s exactly what this software did. Its attempt to read more information from the computer’s memory than was available (an out-of-bounds read) caused the system to crash. The root cause was a coding error in a new feature which was overlooked during testing and deployment. It wasn’t a security risk, however, because hackers couldn’t do anything harmful like stealing your data, and CrowdStrike’s software has several layers of protection. In view of that, certain measures were taken:

  • Data Field Adjustment – A patch has been released to correct the data mismatch.
  • Enhanced Safety Checks – New safeguards have been added to prevent accessing invalid data.
  • Expanded Testing – Testing procedures have been improved to cover more scenarios.
  • Validation Improvements – Additional validation checks have been implemented before software releases.
  • Phased Updates – Future updates will be deployed in stages to identify and address issues early.
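To make the “21 fields from 20” mistake concrete, here is an added example (not CrowdStrike’s code; the structure and field names are hypothetical) showing an unchecked field lookup beside a bounds-checked one, plus the kind of pre-load validation that rejects content whose expectations exceed what the template supplies.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Constructed illustration: a template carries a count of input fields and
 * the field values themselves. These names are hypothetical, not taken from
 * the real sensor. */
#define MAX_FIELDS 32

struct template {
    size_t field_count;            /* how many fields were actually supplied */
    uint32_t fields[MAX_FIELDS];   /* only the first field_count are valid */
};

/* Unchecked lookup: trusts the caller's index. Asking for field 21 of a
 * 20-field template reads past the valid data. In this demo the backing
 * array is padded, so the read returns unset data instead of faulting; in a
 * kernel driver the same mistake can crash the machine. */
uint32_t field_unchecked(const struct template *t, size_t index)
{
    return t->fields[index];
}

/* Checked lookup: validates the index against the number of fields the
 * template actually carries before touching memory, and reports failure
 * instead of reading out of bounds. */
bool field_checked(const struct template *t, size_t index, uint32_t *out)
{
    if (t == NULL || out == NULL)
        return false;
    if (index >= t->field_count || index >= MAX_FIELDS)
        return false;
    *out = t->fields[index];
    return true;
}

/* Pre-load validation: reject a template whose field count is smaller than
 * the number of fields the consuming logic expects (here, 21 vs 20). */
bool template_satisfies(const struct template *t, size_t expected_fields)
{
    return t != NULL && t->field_count >= expected_fields
           && t->field_count <= MAX_FIELDS;
}

/* Build a constructed 20-field template whose values are 100..119. */
struct template make_template_20(void)
{
    struct template t = {0};
    t.field_count = 20;
    for (size_t i = 0; i < 20; i++)
        t.fields[i] = 100 + (uint32_t)i;
    return t;
}
```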


CrowdStrike’s Layers of Protection 

  • Certificate Pinning – The Falcon sensor only accepts specific SSL/TLS certificates. This ensures that the software only communicates with trusted servers and prevents Man-in-the-Middle (MitM) attacks.
  • Checksum Validation – This process verifies that the channel files haven’t been altered during transmission or storage.
  • Access Controls – Verified channel files are stored in a directory that requires administrator privileges to access or modify. Only users with full admin rights can attempt to tamper with the file.
  • Anti-Tampering Alerts – The system is designed to detect attempts to modify files outside the standard delivery and update mechanisms outlined above.


The Wake of The Incident 

Once the outage gained media attention, the NCSC observed an increase in phishing, in domains and URLs impersonating CrowdStrike, and in attackers distributing malware disguised as recovery software and security updates.

CrowdStrike is currently working on improving their security and welcomes feedback from the security community. They also run a Bug Bounty program to find and fix potential issues.

For the latest updates on the issue, visit CISA’s dedicated CrowdStrike update alert page.
