Federal officials said the global IT outage stemming from a faulty CrowdStrike software update is reviving earlier concerns about the security of the software supply chain.
The U.S. Government Accountability Office released a report Tuesday noting the July 19 outage, which led to the disruption of 8.5 million Microsoft Windows systems. The CrowdStrike incident resurrected concerns raised during the state-linked supply chain attack against SolarWinds in 2020, according to the GAO.
The CrowdStrike incident highlights specific warnings about memory safety issues in software development, the White House said on Thursday. The remarks build on a February report that raised questions about the link between memory safety issues and software vulnerabilities.
“ONCD has been diligently working to address the multifaceted challenge of ensuring our nation’s cybersecurity,” a spokesperson for the Office of the National Cyber Director told Cybersecurity Dive via email Thursday. “As part of the implementation of the National Cybersecurity Strategy, our office continues to look at the hard problem of memory safety vulnerabilities.”
ONCD released a report in February calling on the tech industry to adopt memory safe programming languages and memory safe chip architecture. It also called on the research community to help improve the ability to diagnose and measure software security.
Companies including SAP, Palantir and Hewlett Packard Enterprise backed the administration’s effort to embrace memory safe code.
Microsoft and CrowdStrike have closely reviewed the outage to determine how an outage of this scale could have been prevented and are exploring ways to mitigate such an incident in the future.
The faulty update to the CrowdStrike Falcon platform was related to a read-out-of-bounds memory safety error in the CrowdStrike-developed CSagent.sys driver, Microsoft said in a blog post released on Saturday.
CrowdStrike said a rapid response content update was released on July 19 to gather additional information on new adversary techniques. The content was published to Windows hosts running sensor version 7.11 and above, according to the CrowdStrike update.
The update contained “problematic content, which caused affected Windows systems to crash due to an out-of-bounds memory read,” CrowdStrike said.
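To make the failure mode concrete, the following is an added, constructed C example; it is not CrowdStrike's or Microsoft's code and does not claim to reproduce the actual Falcon bug. It assumes a hypothetical driver that is compiled with a fixed-size table of rule parameters (`MAX_PARAMS`, `rule_template_t`) and receives a content record (`content_record_t`) telling it how many parameters to evaluate. The unchecked routine trusts the count from content and indexes past the table when content carries more entries than the binary was built for, which is exactly an out-of-bounds read; the checked routine and the load-time validator reject such content before any index is used.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names and layout, constructed for this example only. */
#define MAX_PARAMS 4                       /* what the driver was compiled to handle */

typedef struct {
    const char *params[MAX_PARAMS];        /* fixed-size table baked into the driver */
} rule_template_t;

typedef struct {
    uint32_t param_count;                  /* delivered by a content update, not by code */
} content_record_t;

/* Unchecked: trusts param_count. When content carries a count larger than MAX_PARAMS,
 * params[i] is read past the end of the table (an out-of-bounds read of a pointer) and
 * the garbage pointer is then dereferenced. In kernel mode that is a system crash. */
size_t evaluate_unchecked(const rule_template_t *t, const content_record_t *c)
{
    size_t matched = 0;
    for (uint32_t i = 0; i < c->param_count; i++) {
        const char *p = t->params[i];      /* no bound on i */
        if (p != NULL && p[0] != '\0')
            matched++;
    }
    return matched;
}

/* Checked: the count from content is validated against the size the driver was built
 * for before any index is used. Returns the matched count, or -1 if the content is
 * rejected because it disagrees with the binary. */
long evaluate_checked(const rule_template_t *t, const content_record_t *c)
{
    if (c->param_count > MAX_PARAMS)
        return -1;
    long matched = 0;
    for (uint32_t i = 0; i < c->param_count; i++) {
        const char *p = t->params[i];      /* i < MAX_PARAMS is guaranteed here */
        if (p != NULL && p[0] != '\0')
            matched++;
    }
    return matched;
}

/* Load-time validator: the same bound applied to every record in an update before any
 * of it is activated, so a bad update is refused as a whole rather than discovered at
 * evaluation time. Returns the number of records checked, or -1 on the first failure. */
int validate_content(const content_record_t *recs, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (recs[i].param_count > MAX_PARAMS)
            return -1;
    return (int)n;
}

/* Constructed sample data: one rule with three populated parameters, one record that
 * fits the driver, and one that asks for one parameter more than the table holds. */
static const rule_template_t SAMPLE_RULE = { { "proc_name", "cmdline", "parent", "" } };
static const content_record_t GOOD_RECORD = { 3 };
static const content_record_t BAD_RECORD  = { MAX_PARAMS + 1 };
static const content_record_t SAMPLE_UPDATE[3] = { { 3 }, { 3 }, { MAX_PARAMS + 1 } };

int main(void)
{
    printf("unchecked, good record: %zu matched\n",
           evaluate_unchecked(&SAMPLE_RULE, &GOOD_RECORD));
    /* evaluate_unchecked(&SAMPLE_RULE, &BAD_RECORD) is deliberately not called:
     * it would read past params[] and dereference whatever it found. */
    printf("checked, good record: %ld\n", evaluate_checked(&SAMPLE_RULE, &GOOD_RECORD));
    printf("checked, bad record:  %ld\n", evaluate_checked(&SAMPLE_RULE, &BAD_RECORD));
    printf("validate_content on update with a bad record: %d\n",
           validate_content(SAMPLE_UPDATE, 3));
    return 0;
}
```

The point the example makes is the one the incident turns on: the bound that matters is fixed at build time in the driver, while the count that drives the loop arrives later in content, so the two must be reconciled by a check in the consumer (or by a validator that runs before activation), not assumed to agree.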
The Cybersecurity and Infrastructure Security Agency said it is working with government and industry partners to understand the impact of the IT outage and provide additional support.
“As America’s cyber defense agency and the national coordinator for critical infrastructure security and resilience, we are committed to thinking beyond the incident and working with organizations to ensure appropriate levels of business continuity and resilience,” a CISA spokesperson said via email.