CrowdStrike Releases Preliminary Post-Incident Review into Global Microsoft Outage

In a recent preliminary Post Incident Review (PIR) conducted by CrowdStrike into the global Microsoft outage, a defect in the Rapid Response Content was identified as the cause of the outage. This defect went undetected during validation checks, leading to crashes on Windows systems running the Falcon Sensor.

CrowdStrike has already started implementing measures to prevent such outages in the future. Some of the initiatives identified in the PIR include improved Rapid Response Content testing, additional validation checks in the Content Validator, enhanced Resilience and Recoverability, and strengthening error handling mechanisms in the Falcon sensor.

According to the PIR, a content configuration update impacted the Falcon Sensor and the Windows Operating System, resulting in crashes on systems that were online during a specific time period. George Kurtz, CrowdStrike Founder and CEO, expressed apologies for the outage and assured that all systems are being restored.

CrowdStrike is also working closely with impacted customers and partners to ensure a smooth restoration process. Despite the outage, the Falcon platform systems are operating normally, with no disruption to protection if the Falcon Sensor is installed with Falcon Complete and Falcon OverWatch services.

Warnings have been issued against potential exploitation of the outage by ‘bad actors’. CrowdStrike is committed to implementing enhanced software testing procedures and quality processes to prevent such incidents from happening again.