CrowdStrike, a leading endpoint detection and response (EDR) provider, found itself in hot water due to a major outage caused by one of its own configuration updates. As reported by CrowdStrike, on July 19, 2024, as part of ongoing operations, it released a sensor configuration update to Windows systems. This update triggered a logic error resulting in a system crash and blue screen (BSOD) on impacted systems.
The sensor configuration update that caused the system crash was remediated on the same day. CrowdStrike assured the public that this issue was not the result of or related to a cyberattack.
Though it has been resolved, the incident caused widespread disruptions across various industries, affecting businesses, hospitals, airlines, and critical infrastructure globally. It also raised concerns about the reliability of vital cybersecurity infrastructure and the potential impact of unexpected outages on businesses and organizations.
The ITS Information Security Office is aware of these concerns and is always working to ensure that cybersecurity risks are mitigated or avoided altogether, including the impact of unexpected outages.
The incident, triggered by a faulty update that was automatically pushed to users running CrowdStrike’s Falcon sensor for Windows version 7.11 and above, exposed a critical weakness in CrowdStrike's centralized update infrastructure. The outage was attributed to a single point of failure within that system, which caused a cascading effect, impacting the Falcon platform and leaving many clients’ systems vulnerable. This incident highlights the risks of relying on a single vendor or a centralized system for critical security functions, especially when updates are not thoroughly tested or rolled out gradually.
At UCR, we take a proactive approach to cybersecurity by implementing a phased-release strategy for updates and patches. This method allows us to thoroughly test and validate changes in a controlled environment before deploying them campus-wide. By gradually rolling out updates, we minimize the risk of unexpected issues and ensure the stability of our IT infrastructure.
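The following is an added illustration of what a phased (ring-based) release with an automatic halt looks like in code. It is not UCR's deployment tooling or CrowdStrike's update mechanism; the fleet, the ring sizes, the 1% failure threshold and the simulated "bad update" that crashes Windows hosts are all constructed for the example. The point it shows is the one made above: a gate after the canary ring keeps a bad update from reaching the rest of the fleet, whereas pushing to everyone at once exposes every host.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed fleet: hostname -> OS. Assumed layout, not a real inventory.
FLEET: Dict[str, str] = {
    f"ws-{i:03d}": ("windows" if i % 4 else "linux") for i in range(200)
}

# Cumulative share of the fleet each ring covers: canary first, everyone last.
RING_SHARES = [0.02, 0.10, 0.40, 1.00]

UpdateFn = Callable[[str, str], str]  # (hostname, os) -> "healthy" | "crashed"


def plan_rings(fleet: Dict[str, str], shares=RING_SHARES) -> List[List[str]]:
    """Split the fleet into deployment rings of increasing size."""
    hosts = sorted(fleet)  # deterministic order so the canary set is stable
    rings, start = [], 0
    for share in shares:
        end = round(len(hosts) * share)
        rings.append(hosts[start:end])
        start = end
    return rings


@dataclass
class RolloutResult:
    completed: bool
    rings_deployed: int
    updated: List[str] = field(default_factory=list)
    crashed: List[str] = field(default_factory=list)


def phased_rollout(fleet: Dict[str, str], apply_update: UpdateFn,
                   max_failure_rate: float = 0.01,
                   shares=RING_SHARES) -> RolloutResult:
    """Deploy ring by ring; halt as soon as a ring exceeds the failure budget.

    In a real pipeline the health signal would come from post-update
    telemetry (heartbeats, crash reports) collected over a bake period;
    here apply_update returns it synchronously to keep the example offline.
    """
    result = RolloutResult(completed=False, rings_deployed=0)
    for ring in plan_rings(fleet, shares):
        outcomes = {h: apply_update(h, fleet[h]) for h in ring}
        failed = [h for h, status in outcomes.items() if status != "healthy"]
        result.updated.extend(h for h in ring if h not in failed)
        result.crashed.extend(failed)
        result.rings_deployed += 1
        if len(failed) / len(ring) > max_failure_rate:
            return result  # halted: later rings never receive the update
    result.completed = True
    return result


def push_everywhere(fleet: Dict[str, str], apply_update: UpdateFn) -> RolloutResult:
    """The anti-pattern: one ring containing the whole fleet, no gate."""
    return phased_rollout(fleet, apply_update, max_failure_rate=1.0, shares=[1.0])


# Constructed updates. bad_update models a change that crashes every
# Windows host it reaches; good_update models a change that is fine everywhere.
def bad_update(host: str, os_name: str) -> str:
    return "crashed" if os_name == "windows" else "healthy"


def good_update(host: str, os_name: str) -> str:
    return "healthy"


if __name__ == "__main__":
    gated = phased_rollout(FLEET, bad_update)
    print(f"phased: halted after ring {gated.rings_deployed}, "
          f"{len(gated.crashed)} hosts crashed")
    ungated = push_everywhere(FLEET, bad_update)
    print(f"push-everywhere: {len(ungated.crashed)} hosts crashed")
```

Run as a script, the phased rollout stops after the four-host canary ring with three crashes, while the ungated push crashes all 150 Windows hosts. The threshold and ring sizes are policy knobs; what matters is that the gate is evaluated on real health data before each widening step, and that the canary ring is representative of the platforms the update targets.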
EDR tools are essential cybersecurity solutions that continuously monitor and protect devices like laptops, desktops, and servers from cyber threats such as malware and ransomware. UCR does not currently use CrowdStrike as our EDR tool.
The ITS Information Security Office is dedicated to maintaining a secure and reliable computing environment for our students, faculty, and staff. We continuously monitor the threat landscape and adapt our security measures to address emerging risks. Our proactive approach to updates and patches demonstrates our commitment to safeguarding the UCR community from cyber threats.