CrowdStrike, which was the main culprit in the recent Windows OS crash on more than 8.5 million computers, has decided to change its software update policy. According to Dark Reading, two class action lawsuits have already been filed against the company, so it plans to significantly review the process of preparing and mass deployment of updates.
In order not to repeat the mistakes of the past, the company promised to create a new procedure for testing content, introducing additional stages of software implementation and new checks of its reliability, as well as new mechanisms for validating updates. CrowdStrike also asked two third-party vendors to analyze its Falcon Sensor software, which caused the incident. In addition, they should evaluate the quality control system and product release mechanism.
Image Source: Surface/unsplash.com
The problems for CrowdStrike, Microsoft and millions of users around the world began on July 19, after the release of the Falcon update. An automatically deployed update crashed OSes around the world. In many cases, system administrators had to manually reboot computers, including resorting to unusual tricks – in companies with large PC fleets, the recovery took days.
At least two class action lawsuits have already been filed against CrowdStrike, on behalf of the company’s shareholders and on behalf of affected customers. Delta Air Lines, which it says has lost half a billion dollars, has been particularly aggressive; it and others could file their own lawsuits soon, despite excuses from CrowdStrike and Microsoft.
The cause of the failure turned out to be insufficient quality testing of the update system for Falcon Sensor. Changes to it were made back in February 2024, but the audit showed that they successfully passed automatic validation and multi-stage testing, although this should not have happened. Moreover, the problem did not make itself felt even during limited tests on real users.