CrowdStrike executive apologizes to US Congress for software bug behind July Microsoft outage

A senior executive at cybersecurity firm CrowdStrike apologized to a U.S. House of Representatives subcommittee on Tuesday for a faulty software update that caused a global IT outage in July.

CrowdStrike’s content-configuration update for its Falcon Sensor security software has led to system crashes worldwide, Adam Meyers, CrowdStrike’s senior vice president of counter-offensive operations, told the House Homeland Security Cybersecurity and Infrastructure Protection subcommittee.

“We are deeply sorry that this happened and are committed to preventing it from happening again,” Meyers said. “We have conducted a comprehensive review of our systems and have begun implementing plans to strengthen our content update procedures so that we emerge from this experience a stronger company.”

He said the problem was not caused by a cyberattack or caused by artificial intelligence.

The July 19 incident led to worldwide flight cancellations and affected industries worldwide, including banks, healthcare, media companies and hotel chains. The outage disrupted internet services, affecting 8.5 million Microsoft Windows devices.

“We cannot allow a mistake of this magnitude to happen again,” said Representative Mark Green, chairman of the House Homeland Security Committee, describing the events as “a disaster you would expect to see in a movie.”

Meyers said on July 19 that new threat detection configurations were validated and pushed to sensors running on Microsoft Windows devices, but “the configurations were not understood by the Falcon sensor’s rules engine, thus causing the affected sensors to fail until the problematic configurations were changed.”

Delta Air Lines vowed to take legal action, saying the outage forced the cancellation of 7,000 flights, affected 1.3 million passengers over five days and cost it $500 million. CrowdStrike rejected Delta’s claim that it should be held responsible for the massive flight disruptions.

CrowdStrike lowered its revenue and profit forecasts last month following a faulty software update and said the environment would remain challenging for about a year.