CrowdStrike's senior VP for counter adversary operations, Adam Meyers, apologized before a US House cyber security subcommittee for a faulty software update that crashed millions of Windows machines, causing widespread disruptions. The update, intended to improve threat detection, instead triggered issues within the sensor, leading to system crashes and impacting various services including transportation, healthcare, and emergency communications.
CrowdStrike is"deeply sorry" for the"perfect storm of issues" that saw its faulty software update crash millions of Windows machines, leading to the grounding of thousands of planes, passengers stranded at airports, the cancellation of surgeries, and disruption to emergency services hotlines among many more inconveniences.
That apology came on Tuesday when CrowdStrike's senior VP for counter adversary operations, Adam Meyers, appeared before a US House of Representatives cyber security subcommittee hearing about the global IT mess CrowdStrike made.the invitation to testify. This meant Meyers had the unenviable task of trying to explain what went wrong, and what the security vendor is doing to ensure it never happens again.
"If you think about a chessboard trying to move a chess piece to someplace where there's no square. Effectively, this is what happened at the sensor, so when it tried to assess the rule, it was not able to do what the rule was asking it to do, which triggered the issue within the sensor.
Meyers responded by warning its wares may become less effective without kernel access. Today, he argued, security products like Falcon"have visibility into everything happening on that operating system."Scattered Spider Scattered Spider, he warned, has been"using new techniques to elevate their privilege in order to disable security tools on a regular basis," adding that"In order to stop that from happening, we will continue to leverage the architecture of the operating system."after the House subcommittee hearing:"Doing these kinds of updates 10 times a day into the kernel, by definition, is just more risky.
Crowdstrike Software Update Windows Crash Cybersecurity Disruption
United Kingdom Latest News, United Kingdom Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
CrowdStrike apologizes to Congress for 'perfect storm' that caused global IT outageArgues worse could happen if it loses kernel access
Read more »
Microsoft is updating Windows to avoid repeat of CrowdStrike catastropheExisting low-level kernel access for security solutions will undergo a rework
Read more »
Windows 11 continues slog up the Windows 10 mountainAlmost three years on and many customers have yet to make the move
Read more »
1 in 10 orgs dumping their security vendors after CrowdStrike outageMany left reeling from July's IT meltdown, but not to worry, it was all unavoidable
Read more »
CrowdStrike: What was the impact of the global IT outageCancer delays, holidays ruined, businesses out of pocket - the CrowdStrike outage examined.
Read more »
CrowdStrike hopes legal threats will fade as time passes since it broke the worldCFO says company hasn't been sued by any customers – yet
Read more »