Date: 2024-07-24

CrowdStrike said Wednesday that the July 19 worldwide IT outage was caused by an undetected error in a Rapid Response Content Falcon update. It brought air travel to a standstill, impacted 911 emergency services and operations at banks, hospitals, TV networks and stock exchanges. Passengers impacted by the outage seen at Istanbul Airport, Turkey, July 19. Photo by Tolga Bozoglu/EPA-EFE

July 24 (UPI) -- CrowdStrike said Wednesday the worldwide IT outage impacting air travel, 911 services, television and public infrastructure last week was caused by an undetected error in a Rapid Response Content Falcon update. Rapid Response Content is "designed to respond to the changing threat landscape at operational speed," according to CrowdStrike.

"Due to a bug in the Content Validator, one of the two Template Instances passed validation despite containing problematic content data," CrowdStrike said in a statement.

That bug caused a Windows operating system crash.

It was part of the Falcon content update for Windows hosts that took 8.5 million computers offline.

CrowdStrike said the event that triggered the outage July 19 was a content configuration update for "the Windows sensor to gather telemetry on possible novel threat techniques."

Sensor content updates from the company are not dynamically updated from the cloud. Instead, they comprise code that includes AI and machine learning models for CrowdStrike's threat detection engineers.

"Rapid Response Content provides visibility and detections on the sensor without requiring sensor code changes," CrowdStrike's statement said. "This capability is used by threat detection engineers to gather telemetry, identify indicators of adversary behavior and perform detections and preventions. Rapid Response Content is behavioral heuristics, separate and distinct from CrowdStrike's on-sensor AI prevention and detection capabilities."

To prevent the global IT crash from happening again, CrowdStrike said it is improving Rapid Response Content updates with greater resiliency and testing.

That will include local developer testing as well as enhanced error handling.

Additional validation checks are also being added "to guard against this type of problematic content from being deployed in the future," according to CrowdStrike.

A staggered deployment strategy for Rapid Response Content will also be used to gradually deploy the updates.

Emergency 911 services were affected by the July 19 incident in several U.S. states while air travel came to a standstill. But the event was not a cyberattack, according to CrowdStrike.

The Federal Communications Commission investigated the outage.

Some TV networks were unable to broadcast, and banks, hospitals and stock exchanges were also impacted.