CrowdStrike, the cybersecurity company that caused a global computer outage last week, on Wednesday said that the breakdown stemmed from a flaw in its test software.
In an incident report, the company said the glitch was pushed out to millions of Windows computers and that the company will change the way it handles such updates in the future.
“Due to a bug in the content validator, one of two (updates) passed validation despite containing problematic content data,” said CrowdStrike.
CrowdStrike’s Falcon software is used by businesses around the world to better identify and handle malware and security breaches.
The type of update that caused the crash, which is frequently deployed by the company, will from now on be sent out gradually, so that problems can be detected before an update is released at scale.
“A full-blown rollout from a security vendor to every customer within minutes is very dangerous,” Dave DeWalt, the former chief executive of cybersecurity company McAfee, told the Wall Street Journal.
CrowdStrike said on Monday that about 8.5 million devices were impacted by the outage, and warned customers that malicious actors were trying to take advantage of the situation.
A wide range of industries were hit by the outage, with users confronted with “blue screens of death” that made rebooting impossible.
The airline industry was hit most visibly by the crash, with US carrier Delta Air Lines particularly affected.
The airline said on Tuesday that it expected a full return to normal only on Thursday.
CrowdStrike CEO George Kurtz has been summoned by the US Congress to explain the incident.