Security News Crowdstrike update causes Windows Enterprise computer outage worldwide

NormanF

Level 9
Verified
Jan 11, 2018
404
It's a Falcon sensor installed on Windows that monitors cyber attacks so they can be averted.

Ironic that a faulty update to them took down systems around the world.

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
CrowdStrike published the technical details as well, stating that a faulty “channel file” is to blame. This channel file actually seems like a behavioural monitoring logical update and was meant to improve the way CS evaluates named pipes (process-to-process data sharing paths). It resulted in a “logical error”.


I’ve got a few questions here, but first and foremost, I am curious to know why behavioural monitoring needs to receive several daily updates. Also, what are behavioural-monitoring-related files doing in C:/Windows/System32/Drivers, with a *.sys extension? A lot of questions about CrowdStrike architecture and quality arise.
 

SpiderWeb

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 21, 2020
609
CrowdStrike published the technical details as well, stating that a faulty “channel file” is to blame. This channel file actually seems like a behavioural monitoring logical update and was meant to improve the way CS evaluates named pipes (process-to-process data sharing paths). It resulted in a “logical error”.


I’ve got a few questions here, but first and foremost, I am curious to know why behavioural monitoring needs to receive several daily updates. Also, what are behavioural-monitoring-related files doing in C:/Windows/System32/Drivers, with a *.sys extension? A lot of questions about CrowdStrike architecture and quality arise.

In an ideal world where Windows is a competent operating system, it would attempt to automatically reboot with that one system driver disabled and report that the driver has failed to the end user or management console. No 3rd-party software should ever be able to brick an entire computer, but here we are. I wonder if they fixed this already, since Windows 11 devices were unaffected. Kernel space needs to be isolated and only Microsoft-signed system services should be allowed to run. Apple already solved this years ago and kicked all AVs out of the kernel space, and it has actually made the OS more secure, not less. See, the system privileges that AVs use are also the most glaring vulnerabilities in Windows, a literal backdoor into the computer that is only open because AV vendors have been lobbying Microsoft to keep it there, and now it soft-bricked 8.5 million Windows machines.

 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
The problem is that solutions for macOS have no behavioural blocking, or they’ve got a very basic one. Windows solutions attempt to evaluate memory operations, and that can only be done in kernel mode. But I agree, the system should attempt to boot only with the most minimal set of drivers after a BSOD.

As well, CrowdStrike can check the contents they deliver.
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,414
Delta Airlines is reportedly planning to file lawsuits against CrowdStrike and Microsoft
It was inevitable that lawsuits might be filed due to the outage of millions of Windows PCs earlier in July from a faulty security update from CrowdStrike. One of the many major companies affected by the outage was Delta Airlines. Today, there's word that the company has hired a well-known attorney to help prepare for lawsuits against both CrowdStrike and Microsoft.

CNBC reports, via unnamed sources, that Delta has hired David Boies to get its lawsuits ready against the two companies. Boies has some experience with dealing with Microsoft. He helped lead the US government's antitrust case against the company in 2001 over Microsoft's bundling of Internet Explorer inside Windows.

Delta has yet to officially comment on the hiring of Boies or any plans to launch a court case against Microsoft or CrowdStrike. The airline canceled thousands of flights over the weekend of July 19 due to its Windows PCs being hit with the botched CrowdStrike update.

CNBC's report claims the monetary damages caused by all those flights being canceled could be between $350 million and $500 million. It added that the airline has had to offer 176,000 refunds or other kinds of reimbursements to its customers for those canceled flights. One estimate claims that over $15 billion in monetary damages were created by the CrowdStrike outage worldwide among all the businesses that were affected.
 

Gandalf_The_Grey

Level 84
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,414
CrowdStrike strikes again, causing app crashes on Windows 11 24H2
Microsoft issued a warning that Windows 11 version 24H2 with certain antivirus software is causing apps, such as Excel and Word, to stop responding and freeze. Fortunately, the bug has already been mitigated with a temporary workaround.

According to a document published on the official Microsoft Support website, the problem affects organizations with CrowdStrike's Falcon sensor software (the one that caused global blue screens of death earlier this year) and the Enhanced Exploitation Visibility Prevention Policy setting enabled in the Prevention Policy applied to the host. Microsoft says app freezes occur on systems after in-place updates or clean installation of Windows 11 24H2.

As of right now, there is no information on whether other Windows versions are affected. Also, consumers with Home or Pro editions of Windows 11 version 24H2 are immune to the bug.

Fortunately, a workaround has already been applied. Microsoft says CrowdStrike temporarily fixed the problem by turning off problematic features. A permanent solution will be available in the future.
 
