Firm behind worst global IT crash gives update on cause

CrowdStrike, the cybersecurity firm behind last week's major global IT crash, has blamed a bug in its quality control mechanism for the carnage.

In an update on its investigation into the crisis, which is still being felt, CrowdStrike said a code fault had slipped past its own safety procedures, forcing computers running Microsoft's Windows operating system to crash.

The cause of Friday's outage, which knocked out systems across the world disrupting everything from flights to health appointments, focused on the company's Falcon Sensor.

Money latest: Fans fume at 'disgusting' prices to see star of the moment

The platform protects systems from malicious software and hackers.

"Due to a bug in the Content Validator, one of the two Template Instances passed validation despite containing problematic content data," the company explained.

CrowdStrike did not say what that content data was or explain why it was problematic.

A 'Template Instance' is a set of instructions that guides the software on what threats to look for and how to respond.

CrowdStrike added that a "new check" had since been put in place in a bid to prevent a repeat of the issue.

The extent of the economic damage is still being assessed and may never be truly known.

A report by insurer Parametrix, carried by the Reuters news agency, estimated on Wednesday that the total direct financial loss facing US Fortune 500 companies, excluding Microsoft, was $5.4bn.

Read more:
The company behind the world's worst IT disaster
Who will pay for the widespread CrowdStrike disruption?

Delta is among global airlines still struggling to restore systems fully, resulting in more cancellations and delays.

Malaysia has publicly called for both CrowdStrike and Microsoft to cover losses in the country.

In the UK, the vast majority of systems are back up and running though manually removing the rogue code is reportedly taking time for some Windows operators without IT teams.

The NHS has warned of a knock-on effect due to thousands of lost appointments.

CrowdStrike chief executive George Kurtz has been asked to testify before the US House of Representatives' homeland security committee.