CrowdStrike outage attributed to update checker flaw

Today’s special columnist, Callie Guenther of Critical Start, offers security teams advice for responding to the recent CrowdStrike outage. (Adobe Stock)

CrowdStrike disclosed that the faulty Falcon update behind last week's widespread global IT outage, which disrupted nearly 8.5 million Windows systems, was missed because of a vulnerability in the firm's Content Validator tool, reports BleepingComputer.

While IPC Template Instances delivered to the Falcon sensor via Rapid Response Content updates between March and April were thoroughly examined by CrowdStrike's Content Validator, one of the two other IPC Template Instances deployed last week to identify Named Pipes exploitation was not flagged as problematic because of the flaw, according to CrowdStrike. Moreover, additional testing was no longer conducted, based on trust from prior evaluations. The incident has prompted CrowdStrike to bolster Rapid Response Content evaluations with local developer testing, content update and rollback testing, stress testing, fuzzing and fault injection, content interface testing, and stability testing, as well as to add more validation checks to the Content Validator tool. CrowdStrike also committed to adopting a staggered release for Rapid Response Content and to strengthening sensor and system performance tracking during the deployment process.