HanYuAce

网络安全公司CrowdStrike:技术漏洞让坏数据漏网,导致全球技术停摆

CrowdStrike: Technical Flaw Led to Global Tech Outage Due to Bad Data

科技
26 Jul 2024
美国之音

2024年7月19日,一名技术人员在芝加哥奥黑尔国际机场联合航空公司登机口附近的信息显示屏上工作。此前错误的 CrowdStrike 更新导致运行微软Windows 的计算机出现重大互联网中断。(美联社照片)

CrowdStrike将责任归咎于更新中的一个漏洞,该漏洞导致其网络安全系统将不良数据推送到数百万台客户计算机上,引发了上周的全球技术停摆,导致航班停飞,电视广播中断,并扰乱了银行、医院和零售商。

CrowdStrike blamed a flaw in an update that caused its cybersecurity system to push bad data to millions of customer computers, triggering last week's global tech outage that grounded flights, disrupted television broadcasts, and affected banks, hospitals, and retailers.


CrowdStrike还概述了为防止问题再次发生而将采取的措施,包括错开更新的推出时间,让客户更好地控制更新的时间和地点,以及提供有关其计划更新的更多详细信息。

CrowdStrike also outlined measures it will take to prevent the problem from recurring, including staggering update rollouts, giving customers more control over when and where updates occur, and providing more details about its planned updates.


该公司星期三(7月24日)在网上发布了其对停摆的"初步事件后审查"的详细信息,这场停摆给许多为该网络安全公司的软件服务付费的企业带来了混乱。

The company posted details of its "preliminary post-incident review" of the outage online on Wednesday (July 24), which caused chaos for many businesses that pay for the cybersecurity company's software services.


这家设在德克萨斯州的公司表示,该问题涉及其Falcon平台的内容配置更新中的"未检测到的错误",影响了Windows机器。

The Texas-based company said the issue involved an "undetected error" in a content configuration update for its Falcon platform, affecting Windows machines.


内容验证系统中的一个漏洞使得"有问题的内容数据"部署到了CrowdStrike的客户。该公司表示,这引发了"意外异常",导致Windows操作系统崩溃。

A flaw in the content validation system allowed "problematic content data" to be deployed to CrowdStrike's customers. The company said this triggered "unexpected exceptions," causing Windows operating systems to crash.


CrowdStrike表示,作为新预防措施的一部分,它还在加强内部测试,并实施"新的检查",以阻止"此类有问题的内容"再次部署。

CrowdStrike said that as part of new preventive measures, it is also enhancing internal testing and implementing "new checks" to prevent "such problematic content" from being deployed again.


CrowdStrike表示,在星期五停摆的约850万台计算机中,"相当一部分"已经恢复运行。目前客户和监管机构正在等待对问题所在进行更详细的解释。

CrowdStrike said that "a significant portion" of the approximately 8.5 million computers affected by Friday's outage have been restored to operation. Customers and regulators are currently awaiting a more detailed explanation of the issue.


一旦调查完成,CrowdStrike表示将公开发布对崩溃的全面分析。

CrowdStrike said it will publicly release a comprehensive analysis of the crash once the investigation is complete.


这次停摆造成了连续数天的广泛技术破坏,凸显了当前世界对少数主要计算服务提供商的依赖程度,并引起了监管机构的注意,他们希望获得有关问题所在的更多信息。

This outage caused widespread technological disruption for several consecutive days, highlighting the current world's dependence on a small number of major computing service providers and drawing the attention of regulators who want more information about the nature of the problem.


原文链接