
Faulty Windows Update from CrowdStrike Hits Banks and Airlines Around the World

Joined
Dec 16, 2021
Messages
332 (0.31/day)
Not sure if this has been mentioned since I couldn't bring myself to read all 199 comments. At least for the first couple of pages, the uninformed seem to blame Microsoft for this. As much as Microsoft screws up, this particular issue isn't on them ...in any way, shape or form.

The reason why this happened is because the CrowdStrike agent is a boot level driver. This means that it gets loaded pretty much before most of anything else, except when you boot in Safe Mode. Then, only absolutely necessary drivers are loaded. You also need Safe Mode to be able to delete the offending file, since in a regular session (when the PC wouldn't crash) the file would be in use and thus locked.

I must admit, when I read about the fix I couldn't believe my eyes. A file with the .sys extension is usually a driver. This means actual executable code. Usually anti-malware and HIPS applications work with some form of pattern file. CrowdStrike really does distribute its "signature" updates as executable code. And therein lies the problem. I don't know how many of you know about coding and pointers in particular, but here goes: CrowdStrike tried to call some code in that update (C-00000291*.sys). The problem was, the file CrowdStrike had pushed contained zeros. Now, when you try to call or dereference a pointer of 0 (nullptr), that just won't fly. Usually, to get around potential nullptrs you make a check for it before trying to use the pointer. You can also use try/catch statements. Apparently, someone at CrowdStrike didn't think this was necessary. And... BOOOM!

At the company I work for, we also got hit pretty hard by this issue. While our company is actually on the smaller side, the corporation that owns us uses CrowdStrike. A lot of us are tech-savvy, being developers. Still, we weren't able to help ourselves because these days you're not allowed to have admin permissions on your workstation. Our consultants are issued laptops, which, because they're used both on- and off-site, are BitLocker-encrypted. That's not necessarily a problem, because each consultant has their key. What they don't have is the recovery key, which for some reason is needed when you actually manage to get into Repair Mode. We had to have our sys admin take a break from his vacation to help get us up and running again. Many systems are still down, because there was only time to bring the most important ones back online.

And yes, this could just as easily have hit *nix and macOS. But the majority of businesses out there use Windows. Like it or not.
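An added illustration of the check the post above calls for (example code written for this thread, not CrowdStrike's code and not its real channel-file format): a loader for a small, constructed update-file layout that validates every value taken from the file, including the all-zeros case, before turning it into a pointer. The format, the names and the sample bytes are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical content-file layout, constructed for this example (it is
 * not CrowdStrike's real channel-file format):
 *   bytes 0..3   magic "CHNL"
 *   bytes 4..7   record count, little-endian uint32
 *   bytes 8..    one little-endian uint32 file offset per record
 *   ...          the records themselves
 */
#define CF_MAGIC       "CHNL"
#define CF_HDR_LEN     8u
#define CF_MAX_RECORDS 64u

typedef enum {
    LOAD_OK = 0,
    LOAD_ERR_TOO_SHORT,   /* header or offset table runs past the buffer */
    LOAD_ERR_BAD_MAGIC,
    LOAD_ERR_ALL_ZERO,    /* the file is nothing but zeros */
    LOAD_ERR_BAD_COUNT,   /* count of 0, absurdly large, or index >= count */
    LOAD_ERR_BAD_OFFSET   /* offset lands in the header/table or outside the file */
} load_status;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The "before" picture, the pattern the post describes: trust whatever the
 * update file says and dereference it. On a zero-filled file every offset
 * is 0, and a short file makes the table read run past the buffer. Shown
 * only for contrast; it is never called on untrusted input here. */
const uint8_t *get_record_naive(const uint8_t *data, uint32_t idx) {
    return data + rd32(data + CF_HDR_LEN + 4u * idx);
}

/* Hardened lookup: every value taken from the file is checked before it is
 * turned into a pointer, and the all-zeros file is rejected outright. */
load_status get_record_checked(const uint8_t *data, size_t len,
                               uint32_t idx, const uint8_t **out) {
    *out = NULL;
    if (data == NULL || len < CF_HDR_LEN)
        return LOAD_ERR_TOO_SHORT;

    int all_zero = 1;
    for (size_t i = 0; i < len && all_zero; i++)
        all_zero = (data[i] == 0);
    if (all_zero)
        return LOAD_ERR_ALL_ZERO;

    if (memcmp(data, CF_MAGIC, 4) != 0)
        return LOAD_ERR_BAD_MAGIC;

    uint32_t count = rd32(data + 4);
    if (count == 0 || count > CF_MAX_RECORDS || idx >= count)
        return LOAD_ERR_BAD_COUNT;

    size_t table_end = CF_HDR_LEN + 4u * (size_t)count;
    if (table_end > len)
        return LOAD_ERR_TOO_SHORT;

    uint32_t off = rd32(data + CF_HDR_LEN + 4u * idx);
    /* An offset of 0 (what a zeroed table yields) would alias the header;
     * anything inside the table or at/after len is equally invalid. */
    if (off < table_end || off >= len)
        return LOAD_ERR_BAD_OFFSET;

    *out = data + off;
    return LOAD_OK;
}

/* Returns the record's first byte on success, or the negated error code. */
int first_byte_checked(const uint8_t *data, size_t len, uint32_t idx) {
    const uint8_t *rec;
    load_status st = get_record_checked(data, len, idx, &rec);
    return st == LOAD_OK ? (int)rec[0] : -(int)st;
}

/* Constructed sample files. */
const uint8_t sample_ok[24] = {
    'C','H','N','L',  2,0,0,0,          /* magic, count = 2           */
    16,0,0,0,  20,0,0,0,                /* offsets of record 0 and 1  */
    'A','A','A','A',  'B','B','B','B'   /* record data                */
};
const uint8_t sample_zero[24] = {0};    /* the all-zeros file         */
const uint8_t sample_nulloff[24] = {
    'C','H','N','L',  1,0,0,0,  0,0,0,0, /* valid header, offset 0    */
    0,0,0,0,  0,0,0,0,  0,0,0,0
};

int main(void) {
    printf("ok/0:    %d\n", first_byte_checked(sample_ok, sizeof sample_ok, 0));
    printf("zero:    %d\n", first_byte_checked(sample_zero, sizeof sample_zero, 0));
    printf("nulloff: %d\n", first_byte_checked(sample_nulloff, sizeof sample_nulloff, 0));
    printf("short:   %d\n", first_byte_checked(sample_ok, 4, 0));
    return 0;
}
```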
 

psydroid

New Member
Joined
Apr 5, 2024
Messages
7 (0.03/day)
Is it just me or do others think critical IT and society infrastructure services need to switch from Windows to Linux?

I don’t want this to be last thing I see before I die.

That should have happened years ago, but Microsoft people are deeply entrenched in organisations nowadays. I'm just glad I don't have to deal with this mess.
 
Joined
Jan 2, 2024
Messages
553 (1.70/day)
What they don't have is the recovery key, which for some reason is needed when you actually manage to get into Repair Mode. We had to have our sys admin take a break from his vacation to help get us up and running again. Many systems are still down, because there only was time to bring the most important ones back on-line.
This part is insane. I would be PISSED if I had to work all year and cut through the middle of it to do some emergency global thing. Why isn't there a substitution for that guy while he's on vacation? That is probably gonna get looked at.
 
Joined
Oct 22, 2014
Messages
14,084 (3.82/day)
Not sure if this has been mentioned since I couldn't bring myself to read all 199 comments
Next time just read the comments.
 
Joined
Jul 28, 2016
Messages
163 (0.05/day)
As a result of all of this, I reckon that Microsoft should make it a requirement to more prominently display the faulting file and owner of it on a blue screen. I saw someone throw a pic up on Twitter where the blue screen had the CrowdStrike logo on it. It's such a simple thing that I can't believe something like that hasn't been done already. Would have also avoided this getting blamed on Microsoft by all of the uneducated people out there and the media incorrectly reporting this as a "Faulty Windows Update" or "Microsoft Issue".
 
Joined
Dec 16, 2021
Messages
332 (0.31/day)
This part is insane. I would be PISSED if I had to work all year and cut through the middle of it to do some emergency global thing. Why isn't there a substitution for that guy while he's on vacation? That is probably gonna get looked at.
He was at home, only a couple of kilometers away. Like I said, ours is a small company (30 people or so), albeit owned by a large corporation. In the olden days, some of us had administrative access to our systems (me included), but this is no longer policy. Still, I did what I could to help on Friday.
Next time just read the comments.
Thanks for that insightful comment. Well, I did go back and read (most of) the comments. I did see lots of Microsoft bashing. And the familiar "this wouldn't have happened on Linux" trope. What I didn't see was an actual explanation of what went wrong, so I believe my comment wasn't completely unwarranted.
 
Joined
Oct 22, 2014
Messages
14,084 (3.82/day)
Thanks for that insightful comment. Well, I did go back and read (most of) the comments. I did see lots of Microsoft bashing. And the familiar "this wouldn't have happened on Linux" trope. What I didn't see was an actual explanation of what went wrong, so I believe my comment wasn't completely unwarranted.
I love it when a lazy person comes in after multiple comments, admits they couldn't be bothered reading before commenting, then assumes they know more than everyone else and is going to "inform" us all of the cause. :slap:
Like I said, next time just read the comments.
 
Joined
Mar 6, 2017
Messages
3,327 (1.18/day)

What I get from the video is that CrowdStrike created a device driver that can dynamically load updated modules from a specified directory. This effectively creates an engine that runs untrusted and unapproved code in kernel land. If that doesn't scare the shit out of you, I really don't know what will.

What makes it even more scary is that CrowdStrike did not include any input validation in their code, which is why this whole fiasco happened. They failed to check for the most basic of issues, a file full of null data. OOPS!

Honestly, I'd be very damned surprised that CrowdStrike survives this whole mess.
 

OneMoar

There is Always Moar
Joined
Apr 9, 2010
Messages
8,795 (1.65/day)
imagine being a global company and not using staged rollouts of updates
then imagine NOT testing those updates before they went live
Then imagine why your company no longer exists
 
Joined
Dec 16, 2021
Messages
332 (0.31/day)
imagine being a global company and not using staged rollouts of updates
then imagine NOT testing those updates before they went live
Then imagine why your company no longer exists
Well, the CEO *did* say he was sorry. That has to count for something...
(this post may contain traces of sarcasm)
 
Joined
Jan 2, 2024
Messages
553 (1.70/day)
What I get from the video is that CrowdStrike created a device driver that can dynamically load updated modules from a specified directory. This effectively creates an engine that runs untrusted and unapproved code in kernel land. If that doesn't scare the shit out of you, I really don't know what will.
Yup. This is something way more familiar in USER space. Updating dictionary tools, updating software packages, Microsoft/Steam/Epic stores deciding something is out of date and time to overwrite with something with a newer time stamp...All of those are perfectly normal. If something glitches or bugs out, we find ways around it while waiting for a fix or end up fixing things ourselves.

That doesn't fly at kernel level, especially when something is installed as a BOOT level driver. Those could be anything for interfacing with hardware like CPUs, GPUs and even some accelerators like PCI-E/SAS storage. There tends to be a lot of these but I usually reconfigure them to behave a bit differently on my systems before and after "first" boot.


Usually you'll see something flagged differently in ErrorControl than these two examples. Something like Critical - Log error & fail boot. In that situation when it fails, you'd get CrowdStrike'd hard.

......

I was here on day 0 and this thread was lit up with 4 pages by the time I got in. One whole ass page per hour and this isn't even a security forum.
You can bet every single one of those sites went wildly spinning themselves into orbit over this one.
This had so much reach that even the solar observer YouTuber guys had to chime in about it:
"If it was the sun, trust me, I would tell you."


Identify faulty driver(s) located in the one suspicious subdir where all boot critical drivers are located on the system, delete and reboot.
Simple as.

I didn't want to hammer that message home because one, I'm not a CrowdStrike customer and like most people here have identified nobody that is a customer for this LITERAL WHO. This isn't a security risk to anyone here and judging from half the threads it looks like I'm one of maybe three people reading fully equipped to deal with such a crisis in the first place. That part on its own is WILD. If deleting the null drivers wasn't enough, you'd have to go thumbing for some CrowdStrike service and hard delete that too.

Do you....You guys like fishing around in remote mounted hives for boot level drivers under CurrentControlSet and taking those risks?
Again, I'm equipped to deal with it and even I don't like doing it. This is exactly how we end up with the kinds of trust issues that lead to developing these emergency skills in the first place.

Anyway you're not going to like this but CrowdStrike will survive this flub and that's pretty much the basis for why the software even exists. What does that mean? I'll get to it. They have enough customers, obviously. Would I want CrowdStrike software running on any of my systems? Maybe if I had some highly targeted (lol no) mission critical (double LOL) VM or baremetal that's susceptible to Day 0 AI driven attacks or some absolutely insane pre-historic malware like Blaster that gets into every networked Windows box faster than a ninja sex party. Unlike those customers with ~8 million bricked machines, I don't subscribe to the kind of philosophy that permits these types of problems to reconstitute. I avoid updates on personal snowflake servers. I don't even like rebooting the server.

The software exists on the idea of rapid response to emerging threats, which is kind of along the lines of antivirus.
The problem started with one squirrely update that didn't ship correctly and people quickly applied it because they trust the vendor like that.
The fix was shipped out just over half an hour later but 8 million boxes rebooted before they could receive it.
Those 8 million boxes went offline and didn't need the protection anymore, which is a fail for production but NOT a fail for security.
It inconvenienced a bunch of IT pros and devops with a surprise recovery key audit to perform a fix because a lot of those systems had BitLocker/encryption and other complications involved.
So what I want to know is how many of those CrowdStrike systems that didn't go down, are still out in the wild and how often do they reboot after updates?
That might be something to check out.
imagine being a global company and not using staged rollouts of updates
then imagine NOT testing those updates before they went live
Then imagine why your company no longer exists
Honestly this right here should be the majority response. It won't happen because those subscribers have a completely separate philosophy and an entire other universe of problems to go with it. It might shake a few of them out of it though. Enough of these guys need to start asking some deep questions like "is this worth it?"
 
Joined
Mar 6, 2017
Messages
3,327 (1.18/day)
According to one YouTube commenter that says that he works at a company that runs CrowdStrike, he has staged updates to the systems that run the software. He said that he has three stages. The first stage gets the updates immediately but as he said that stage is reserved for devops or test systems to make sure that the CrowdStrike update doesn't mess anything up. He then went on to say that he has two additional stages, stage two where updates are more readily pushed out but not to every system, that's where stage three comes in; that stage is reserved for mission critical systems where CrowdStrike updates are only pushed out to those after SERIOUS amounts of testing.

That sounds like a good policy. Great. So, if this guy has that kind of staged updates how did his company get hit by this whole damn mess? Oh yeah... CrowdStrike delivered the faulty update as an update that would be pushed out regardless of what update stage you have a particular system in. It didn't matter if you had a system in the stage three update ring, it too got the update. YIKES!!!
 
Joined
Jan 2, 2024
Messages
553 (1.70/day)
Were they still able to pull up OTIS?
 

Count von Schwalbe

Moderator
Staff member
Joined
Nov 15, 2021
Messages
3,059 (2.77/day)
Joined
May 13, 2010
Messages
6,065 (1.14/day)
So now, with this whole CrowdStrike thing, we have a few things that are like a juicy steak for hackers

1) A list of clients that use CS
2) The methods that the software uses
3) A way to push an infected content file that gets run through the kernel driver

Someone already is selling a COMPLETE list of CS users as well.
 
Joined
Jul 30, 2019
Messages
3,276 (1.69/day)
So now, with this whole CrowdStrike thing, we have a few things that are like a juicy steak for hackers

1) A list of clients that use CS
2) The methods that the software uses
3) A way to push an infected content file that gets run through the kernel driver

Someone already is selling a COMPLETE list of CS users as well.
What makes you think #2 and #3 were not already known?
 
Joined
May 13, 2010
Messages
6,065 (1.14/day)
Joined
Mar 6, 2017
Messages
3,327 (1.18/day)
What makes you think #2 and #3 were not already known?
Number 3 really scares me. I hope to God that CrowdStrike included some kind of digital signature verification to make sure that whatever modules the kernel driver loads are valid modules to load. Then again, I'm not willing to put any money on it.
 
Joined
Aug 29, 2005
Messages
7,256 (1.03/day)
Who in their right mind actually releases an update on a Friday?

I thought that really was a no go unless the systems didn't work in the first place.
 
Joined
Oct 22, 2014
Messages
14,084 (3.82/day)
Why does this remind me of squirrels? :laugh:
 
Joined
Feb 23, 2019
Messages
6,061 (2.89/day)
Was this posted already?


Also, fun fact:
An interesting sidenote pointed out by The Register is that CrowdStrike's current CEO, George Kurtz, was also CEO of McAfee during an infamous 2010 update that caused several PCs to be stuck in an endless boot loop. This likely makes George Kurtz the first CEO in history to preside over two major global PC outages caused by bad security software updates.
 
Joined
Jan 18, 2012
Messages
437 (0.09/day)
I just watched this YT video of a guy with some more knowledge of MS Windows than the average Joe.
Part of his story might as well have been in Chinese as I had no idea what he was talking about :eek:, but for some of us here it will make sense.

 
