Patch to perdition: How one update crippled the world

On 19 July, a global cyber outage resulted from a faulty software security update labelled C-00000291*.SYS. This incident starkly demonstrated how quickly global digital infrastructure can fail within hours.

Why Did It Happen?

The outage occurred due to insufficient testing and oversight of a CrowdStrike software security update. Companies failed to adequately scrutinise their partners, leading to a significant Windows operating system availability issue.

The CrowdStrike software patch containing the file C-00000291*.SYS clashed with an existing file in the Windows system path (windows\system32), causing Microsoft Windows to stop responding. This led to a system crash and the infamous blue screen of death on many affected devices.

Importance of Software Patch Updates

Regular software updates for Android, Apple, and Windows operating systems and other software are crucial. A software security patch addresses the latest security vulnerabilities that attackers could exploit. 

These patches close security gaps, preventing potential breaches, data theft, and other cyber threats. Regular updates ensure the software remains secure, stable, and compliant with industry standards, safeguarding sensitive information and maintaining trust.

Resolution to the Crisis

To prevent similar incidents, companies can take the following three steps.

Thorough testing: Rigorous testing of software updates before deployment is crucial.

Diverse technology stack: Use various operating systems like Linux and diverse security tools for critical systems.

Quick recovery plans: Implement Business Continuity Plan (BCP) and Disaster Recovery Plan (DR) strategies to revert to a working version if issues arise quickly.

Securing Digital Communication Infrastructure

Such incidents can happen to any software. Indian government and companies must focus on developing their own critical computer systems to reduce dependency on foreign technologies and gain control over their technological future, independent of big tech companies.

To strengthen the digital ecosystem, companies should adopt a 10-step measure.

1.    Redundancy plan: Have backups to avoid relying on a single security tool or system.

2.    Testing software patch updates: Thoroughly test all software updates before release and installation on company infrastructure.

3.    Incident response: Prepare a swift and effective response plan for any security incident.

4.    Security testing: Regularly test systems to identify and address vulnerabilities using Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR).

5.    Continuous improvement: Regularly secure patch updates and enhance security measures.

6.    High availability mode: Implement redundant systems to minimise downtime.

7.    Eliminate single points of failure: Use multiple cloud providers and security tools to spread risk.

8.    BCP and DR plans: Develop and regularly test a robust disaster recovery plan.

9.    Controlled software patch updates: Manage updates carefully and avoid automatic installations and testing before release.

10.     Vendor management: Thoroughly assess software patch updates from vendors before deployment.

By focusing on these principles and incorporating new strategies, we can build a more resilient and secure digital infrastructure, ensuring a stable and safe technological future.

By Tarun Malhotra

The author is a cyber security expert and the Founder & Managing Director of Cyber Cops