CrowdStrike, a leading cybersecurity firm, is making two significant changes to its update procedures following a major outage in July that left airports, businesses, and governments worldwide grappling to recover. This outage, caused by a faulty update, disrupted over 8.5 million Windows devices running CrowdStrike’s Falcon endpoint sensor, a tool critical to the operations of various essential sectors, including airlines, hospitals, and banks.
A New Approach to Updates
In a testimony before the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, Adam Meyers, CrowdStrike’s senior vice president, explained the new measures. Customers will now have more control over when they receive updates. Meyers revealed that they can choose to be part of the early wave of recipients—acting as initial testers for new updates—or opt for a later, more stable release.
Furthermore, CrowdStrike is revamping its internal verification process for these updates. The company acknowledged that for over a decade, validators responsible for checking the integrity of updates failed to detect the flawed configuration that caused the widespread disruption in July. The error, which CrowdStrike initially downplayed as a non-code update, was actually a configuration issue involving threat information sent to the Falcon sensor.
Treating Updates Like Code
One of the more notable revelations from Meyers’ testimony was that CrowdStrike is now treating all updates, even configuration updates, as code. This new approach means that updates will undergo rigorous testing and quality assurance before deployment, a process CrowdStrike refers to as “dogfooding.” Previously, only software code was subject to this level of scrutiny, but going forward, even minor updates will go through the same stringent checks.
“This is a step that goes beyond the current industry standard,” Meyers emphasized, adding that the new protocol aims to prevent similar incidents in the future.
Kernel Access and Cybersecurity Risks
Meyers also faced tough questions from Congress regarding CrowdStrike’s deep access to the Windows kernel—a central component of the operating system that controls hardware interactions. Some lawmakers raised concerns about the potential risks of granting security products such extensive control.
Meyers defended the necessity of kernel-level access, explaining that it allows security tools like CrowdStrike’s to detect and block threats before they can infiltrate the system. Without this access, he argued, threat actors—especially those backed by nation-states—could easily insert themselves into the kernel and disable security protections.
“Kernel visibility is essential to preventing cybercriminals from tampering with security products,” he said, reiterating that this level of access is not unique to CrowdStrike but is utilized across the cybersecurity industry.
Financial Fallout and Litigation Threats
The financial repercussions of the outage are staggering. Delta Airlines alone reported losses exceeding $500 million due to thousands of flight cancellations, while Fortune 500 companies are estimated to have collectively suffered more than $5.4 billion in damages. CrowdStrike is now facing a wave of potential lawsuits, not only from businesses but also from its investors. The Plymouth County Retirement Association, for instance, has already filed a lawsuit in Texas following a significant drop in CrowdStrike’s stock price after the incident.
Despite these challenges, CrowdStrike has responded with confidence, stating that it will defend itself vigorously against any litigation.
Moving Forward
CrowdStrike’s swift action to overhaul its update process is a critical step in restoring trust. While the financial fallout and legal battles may drag on, the company’s commitment to improving its internal processes reflects a broader lesson for the industry: in a world increasingly reliant on cybersecurity, even minor missteps can lead to major consequences.
As these changes take effect, the hope is that CrowdStrike—and the industry at large—will learn from this incident, ensuring that critical systems remain protected from both external threats and internal errors.
Watch the full conference and learn more about CrowdStrike’s recent testimony, we have the video available below.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
