CrowdStrike said the problem that caused a series of Windows devices to show blue screens stemmed from poor quality control of its update files.
"Due to an error in the content validator, one of the two Template Instance instances passed the validation process, despite containing questionable data," a CrowdStrike representative explained on the 24/7 blog, referring to the mechanism. A problem with the internal quality control mechanism allowed a poor-quality Falcon Sensor update to pass safety testing. A Template Instance is a set of software instructions about threats and how to respond to them.
CrowdStrike says the company currently delivers Falcon Sensor updates in two ways. First, Sensor Content is sent directly, not through the cloud, in clear code to provide long-term reuse, helping engineers detect threats. Second, Rapid Response Content is designed to respond to changing threats in real time; it is stored in files containing configuration data and updated via the cloud. The July 19 incident was caused by an error in a Rapid Response Content update.
CrowdStrike doesn't say what that content data is, but says the problem comes from the channel file in the %WINDIR%\System32\drivers\CrowdStrike folder. The company has added a new check to its quality control process to prevent errors from happening again.
On July 19, millions of devices received a "Blue Screen of Death" (BSoD) error message after CrowdStrike deployed the Falcon Sensor update for Windows. This is considered the most extensive incident related to BSoD since the feature was introduced.
According to Microsoft's announcement, 8.5 million computers running Windows were affected. Experts say a full recovery could take weeks. The extent of the damage is still being assessed. According to Reuters, insurance company Parametrix estimates that businesses in the Fortune 500 group, excluding Microsoft, could face total losses of up to 5.4 billion USD due to the incident. Meanwhile, Malaysian Digital Minister Gobind Singh Deo called on CrowdStrike and Microsoft to consider compensating affected companies in the country.
Apologizing with a gift card
On the social networks X, Facebook and Reddit, some people posted screenshots of gift cards and emails sent by CrowdStrike on July 23, containing an apology and the signature of Business Director Daniel Bernard.
"To show our gratitude, we'll give you a cup of coffee or a late-night snack," Bernard wrote.
However, some complained that the card did not work when they tried to redeem it. Speaking to Business Insider, a CrowdStrike spokesperson confirmed that the company sends gift cards, but not to end users.
"CrowdStrike does not send gift cards to users. They are for colleagues and partners who have helped customers through the recent difficult situation," a CrowdStrike representative said, adding that Uber had placed the cards appearing on social networks in the category of "fraud", so they cannot be used.
