Outlaw on youtube did a video about it.
https://www.youtube.com/watch?v=s7kq43TF_98
Some fucktard at crowdstrike built in a null pointer dereference in a piece of privileged code that starts up with windows. There was no testing done, since otherwise even a basic static code analyzer would have caught it.
No conspiracy here. Just shitty software development practices.
Crowdstrike went even as far as to push the update directly to the clients, without asking the clients IT Admins.