Hello, security engineer who has installed CrowdStrike on thousands of computers here.
A thread on the outage and what exactly is happening.
Here’s a quick explainer on what *seems* to be the cause of the CrowdStrike outage and why it happened so quickly.
I read somewhere else that this analysis is incorrect. They were saying it wasn’t caused by something in the threat intelligence feed, but an updated .sys file (a driver component) that CrowdStrike inexplicably pushed to all clients at once.
That explanation is even funnier, because they pushed a software update to everyone at once instead of the widely used practice of staged rollouts of updates. Normally big companies push updates to a very small number of users first, then gradually increase the number so they can get bug reports before wrecking every system.
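The staged rollout the reply above describes can be made concrete with a small simulation. This is an added example, not code from the thread or from CrowdStrike: it assigns hosts to rollout rings deterministically by hashing their identifier, pushes the update ring by ring, and halts as soon as a ring's post-update failure rate crosses a threshold. The ring fractions (1%, 10%, 50%, 100%), the 2% failure threshold, the 10,000-host fleet and the health-check callback are all assumptions chosen for illustration.

```python
import hashlib

# Assumed rollout rings: fraction of the fleet that may hold the update at each stage.
RINGS = [0.01, 0.10, 0.50, 1.0]


def ring_bucket(host_id: str) -> float:
    """Map a host to a stable value in [0, 1) so ring membership does not change between runs."""
    digest = hashlib.sha256(host_id.encode()).digest()
    return int.from_bytes(digest[:8], "big") / 2 ** 64


def hosts_in_ring(hosts, ring_index):
    """Hosts eligible at a given ring; rings nest, so ring 0 is a subset of ring 1, etc."""
    limit = RINGS[ring_index]
    return [h for h in hosts if ring_bucket(h) < limit]


def staged_rollout(hosts, health_check, max_failure_rate=0.02):
    """Push to successive rings; stop before the next ring if this ring's failure rate is too high.

    health_check(host) -> bool stands in for post-update telemetry (the host checked in
    and is not crash-looping). It is an assumed callback, not a real agent API.
    """
    updated = set()
    total_failed = 0
    for i in range(len(RINGS)):
        targets = [h for h in hosts_in_ring(hosts, i) if h not in updated]
        failures = [h for h in targets if not health_check(h)]
        updated.update(targets)
        total_failed += len(failures)
        rate = len(failures) / len(targets) if targets else 0.0
        if rate > max_failure_rate:
            # Halt: nothing outside the rings pushed so far has received the update.
            return {"halted_at_ring": i, "updated": len(updated),
                    "failed": total_failed, "fleet": len(hosts)}
    return {"halted_at_ring": None, "updated": len(updated),
            "failed": total_failed, "fleet": len(hosts)}


def push_all(hosts, health_check):
    """The all-at-once push the thread complains about: every host gets the update immediately."""
    failures = [h for h in hosts if not health_check(h)]
    return {"updated": len(hosts), "failed": len(failures), "fleet": len(hosts)}


if __name__ == "__main__":
    # Constructed fleet of 10,000 hosts with synthetic identifiers.
    fleet = [f"host-{i:05d}" for i in range(10000)]
    # A broken update: every host that receives it fails its health check.
    broken = lambda host: False
    print("staged :", staged_rollout(fleet, broken))
    print("all-at-once:", push_all(fleet, broken))
```

With the broken update the staged rollout halts at ring 0, so roughly 1% of the fleet is affected, while the all-at-once push takes down every host. The SHA-256 bucketing matters in practice: a host's ring must not change from one run to the next, or the "small number of users first" guarantee silently breaks when the rollout is resumed.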
If you read the thread, he gets there: https://subium.com/profile/ira.bailey.nz/post/3kxmvj2zwsf2p