Friday, July 19th 2024
Faulty Windows Update from CrowdStrike Hits Banks and Airlines Around the World
A faulty software update to enterprise computers by cybersecurity firm CrowdStrike has taken millions of computers offline, most of which are in a commercial or enterprise environment, or are Azure deployments. CrowdStrike provides periodic software and security updates to commercial PCs, enterprise PCs, and cloud instances, with a high degree of automation. The latest update reportedly breaks the Windows bootloader, causing bluescreens of death (BSODs), and if configured, invokes Windows Recovery. Enterprises tend to bulletproof the bootloaders of their client machines, and disable generic Windows Recovery tools from Microsoft, which means businesses around the world are left with large numbers of machines that will each take manual fixing. The so-called "Windows CrowdStrike BSOD deluge" has hit critical businesses such as banks, airlines, supermarket chains, and TV broadcasters. Meanwhile, sysadmins on Reddit are wishing each other a happy weekend.
Source: The Verge
234 Comments on Faulty Windows Update from CrowdStrike Hits Banks and Airlines Around the World
e.g. CrowdStrike Detects Dell Driver Vulnerability CVE-2021-21551
Falcon is a kernel extension/system extension on all supported platforms, from my understanding. It needs to be, to be effective. No, it’s not an AV strictly speaking. It has nothing to do with developers of any OS. This is just a specific case where the Windows update package was shipped scuffed.
Perhaps I'm misinterpreting it, but it seems to me Windows Update had a problem, and CrowdStrike EXPOSED IT, with their faulty update.
(Fwiw, my only beef with Windows is that, as a software developer, I get it shoved down my throat because of AD, despite it being the worst pick of the bunch for actual software development. It's great for a lot of other things, I run both Win and Linux myself.)
CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_DEBUG_INFO_BTF=y
CONFIG_BPF_EVENTS=y
CONFIG_BPF_JIT=y
CrowdStrike Falcon Sensor - Red Hat Ecosystem Catalog
With macOS 10.5.x, Apple announced that they will no longer support kernel extensions (kext) for third-party developers.
CrowdStrike completely re-wrote the macOS sensor from the ground up for Catalina to use the user-mode APIs.
I have it enabled on all our machines on the network just in case something like this happens. I think ahead.
bcdedit /set {default} bootmenupolicy legacy
It works on all systems, even ones with Secure Boot. It does not affect the boot process any; it's just there for emergencies when you need it most.
All the people in my life that called, I just said tap F8 and wait for the menu and then go to Last Known Good Config. All working fine now.
Cheers all
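The bcdedit setting from the post above, wrapped in a script so it can be checked and rolled out before an incident rather than typed on each machine afterwards. This is an added example, not the commenter's code; it assumes an elevated PowerShell session, bcdedit on PATH, and English-language bcdedit output for the parsing.

```powershell
# Added example: pre-enable the legacy F8 boot menu so a machine that
# bluescreens during boot can still be steered into Safe Mode or
# Last Known Good Configuration from the keyboard. Run elevated.
# Assumption: English bcdedit output ("bootmenupolicy   Legacy").

function Get-BootMenuPolicy {
    # bcdedit /enum prints the default boot entry as "name   value" lines.
    # Braces must be quoted in PowerShell, or {default} is parsed as a script block.
    foreach ($line in (bcdedit /enum '{default}' 2>&1)) {
        if ($line -match '^\s*bootmenupolicy\s+(\S+)\s*$') { return $Matches[1] }
    }
    return $null   # entry not listed; treat as "not configured"
}

function Enable-LegacyBootMenu {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]$identity
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'bcdedit needs an elevated session.'
    }

    $before = Get-BootMenuPolicy
    if ($before -eq 'Legacy') {
        Write-Verbose 'bootmenupolicy is already Legacy; nothing to change.'
        return $true
    }

    # If BitLocker is in use, confirm on one machine that this BCD change
    # does not trigger a recovery prompt on the next boot before rolling it out.
    if ($PSCmdlet.ShouldProcess('{default}', 'bcdedit /set bootmenupolicy legacy')) {
        bcdedit /set '{default}' bootmenupolicy legacy | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "bcdedit failed with exit code $LASTEXITCODE" }
    }

    # Re-read the store so the caller gets the actual, not assumed, state.
    return (Get-BootMenuPolicy) -eq 'Legacy'
}

# Revert with: bcdedit /set '{default}' bootmenupolicy standard
Enable-LegacyBootMenu -Verbose
```

Use `Enable-LegacyBootMenu -WhatIf` first to see the change without applying it.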
But since many of those have bitlocker enabled, you need to access AD for each one, but…those servers hosting the keys are also down.
There will be a lot of reimaged PCs.
About Win vs Linux vs MacOS, I think that only Windows allows such access to the kernel, hence why anticheat rootkits can't run in Linux when using Proton for Win games.
The only thing I am upset at is abysmal levels of reading comprehension on a tech enthusiast site, honestly. In general, not with you personally. What happened is clear. CrowdStrike even published a statement. Of course, what EXACTLY has been scuffed in the package wasn’t disclosed for obvious security reasons.
1. A corrupted boot loader causes a BSOD (without rebooting, I assume)
2. But the corrupted boot loader doesn't prevent the PC from booting in safe mode.
This is fair, though I fear that would require them to essentially overhaul the entire kernel at this point, Vista/NT6-style, which isn’t in the cards anytime soon, I assume.