
Faulty Windows Update from CrowdStrike Hits Banks and Airlines Around the World

Joined
Jan 3, 2021
Messages
3,482 (2.46/day)
Location
Slovenia
Processor i5-6600K
Motherboard Asus Z170A
Cooling some cheap Cooler Master Hyper 103 or similar
Memory 16GB DDR4-2400
Video Card(s) IGP
Storage Samsung 850 EVO 250GB
Display(s) 2x Oldell 24" 1920x1200
Case Bitfenix Nova white windowless non-mesh
Audio Device(s) E-mu 1212m PCI
Power Supply Seasonic G-360
Mouse Logitech Marble trackball, never had a mouse
Keyboard Key Tronic KT2000, no Win key because 1994
Software Oldwin
There are automated ways to fix it in some environments. The problem is drive encryption.
Another problem is PCs that won't boot.

Although ... isn't there a thing called Intel Management Engine, which system admins can use to access disks and everything on a PC even if it's turned off or unable to boot?
 
Joined
Jan 5, 2006
Messages
18,584 (2.69/day)
System Name AlderLake
Processor Intel i7 12700K P-Cores @ 5Ghz
Motherboard Gigabyte Z690 Aorus Master
Cooling Noctua NH-U12A 2 fans + Thermal Grizzly Kryonaut Extreme + 5 case fans
Memory 32GB DDR5 Corsair Dominator Platinum RGB 6000MT/s CL36
Video Card(s) MSI RTX 2070 Super Gaming X Trio
Storage Samsung 980 Pro 1TB + 970 Evo 500GB + 850 Pro 512GB + 860 Evo 1TB x2
Display(s) 23.8" Dell S2417DG 165Hz G-Sync 1440p
Case Be quiet! Silent Base 600 - Window
Audio Device(s) Panasonic SA-PMX94 / Realtek onboard + B&O speaker system / Harman Kardon Go + Play / Logitech G533
Power Supply Seasonic Focus Plus Gold 750W
Mouse Logitech MX Anywhere 2 Laser wireless
Keyboard RAPOO E9270P Black 5GHz wireless
Software Windows 11
Benchmark Scores Cinebench R23 (Single Core) 1936 @ stock Cinebench R23 (Multi Core) 23006 @ stock
This was 100% caused by CrowdStrike and not Microsoft.

Global outage due to CrowdStrike Falcon-package failure affecting Windows.
 
Joined
Oct 11, 2006
Messages
1,073 (0.16/day)
System Name My Current Desktop
Processor i9 12900KF
Motherboard Asus ROG STRIX Z690-E GAMING WIFI
Cooling ARCTIC Liquid Freezer II 360
Memory G.Skill Trident Z5 RGB Series 32GB (2 x 16GB) DDR5 6400 F5-6400J3239G16GA2-TZ5RS
Video Card(s) RTX 3090 FE
Storage SAMSUNG 980 PRO SSD 1TB
Display(s) Samsung G80SD
Case Fractal Design Torrent White
Audio Device(s) Schiit Bifrost2
Power Supply Corsair HX850
Mouse Razer Basilisk v3 pro
Keyboard Keychron Q6 Max (brown)
Software Win 11 Pro
Another problem is PCs that won't boot.

Although ... isn't there a thing called Intel Management Engine, which system admins can use to access disks and everything on a PC even if it's turned off or unable to boot?
I've never seen anyone put in the effort to set that up. in my experience, the teams usually just rely on stuff like Endpoint Central, Ivanti management suite, etc.
 

Easy Rhino

Linux Advocate
Staff member
Joined
Nov 13, 2006
Messages
15,577 (2.37/day)
Location
Mid-Atlantic
System Name Desktop
Processor i5 13600KF
Motherboard AsRock B760M Steel Legend Wifi
Cooling Noctua NH-U9S
Memory 4x 16 Gb Gskill S5 DDR5 @6000
Video Card(s) Gigabyte Gaming OC 6750 XT 12GB
Storage WD_BLACK 4TB SN850x
Display(s) Gigabye M32U
Case Corsair Carbide 400C
Audio Device(s) On Board
Power Supply EVGA Supernova 650 P2
Mouse MX Master 3s
Keyboard Logitech G915 Wireless Clicky
Software The Matrix
Am I understanding that because CrowdStrike installs at the Windows kernel level it has broken Windows computers and not Mac and Linux? Mac and Linux OS devs are smart enough to not allow something as horrible as AV software into the kernel and rather restrict it to user space?
 
Joined
Oct 11, 2006
Messages
1,073 (0.16/day)
Am I understanding that because CrowdStrike installs at the Windows kernel level it has broken Windows computers and not Mac and Linux? Mac and Linux OS devs are smart enough to not allow something as horrible as AV software into the kernel and rather restrict it to user space?
Kernel-level is what makes them able to detect/remove active malware so effectively. It's not AV per se, it's EDR.

e.g. CrowdStrike Detects Dell Driver Vulnerability CVE-2021-21551
 
Joined
Nov 27, 2023
Messages
2,311 (6.42/day)
System Name The Workhorse
Processor AMD Ryzen R9 5900X
Motherboard Gigabyte Aorus B550 Pro
Cooling CPU - Noctua NH-D15S Case - 3 Noctua NF-A14 PWM at the bottom, 2 Fractal Design 180mm at the front
Memory GSkill Trident Z 3200CL14
Video Card(s) NVidia GTX 1070 MSI QuickSilver
Storage Adata SX8200Pro
Display(s) LG 32GK850G
Case Fractal Design Torrent (Solid)
Audio Device(s) FiiO E-10K DAC/Amp, Samson Meteorite USB Microphone
Power Supply Corsair RMx850 (2018)
Mouse Razer Viper (Original) on a X-Raypad Equate Plus V2
Keyboard Cooler Master QuickFire Rapid TKL keyboard (Cherry MX Black)
Software Windows 11 Pro (23H2)
@Easy Rhino
Falcon is a kernel extension/system extension on all supported platforms, from my understanding. It needs to be, to be effective. No, it’s not an AV strictly speaking. It has nothing to do with developers of any OS. This is just a specific case where the Windows update package was shipped scuffed.
 

HTC

Joined
Apr 1, 2008
Messages
4,664 (0.77/day)
Location
Portugal
System Name HTC's System
Processor Ryzen 5 5800X3D
Motherboard Asrock Taichi X370
Cooling NH-C14, with the AM4 mounting kit
Memory G.Skill Kit 16GB DDR4 F4 - 3200 C16D - 16 GTZB
Video Card(s) Sapphire Pulse 6600 8 GB
Storage 1 Samsung NVMe 960 EVO 250 GB + 1 3.5" Seagate IronWolf Pro 6TB 7200RPM 256MB SATA III
Display(s) LG 27UD58
Case Fractal Design Define R6 USB-C
Audio Device(s) Onboard
Power Supply Corsair TX 850M 80+ Gold
Mouse Razer Deathadder Elite
Software Ubuntu 20.04.6 LTS
Question: while the original problem seems to be caused by CrowdStrike, doesn't the fact that it cripples Windows ALSO make it a Windows problem?

Perhaps I'm misinterpreting it, but it seems to me Windows Update had a problem, and CrowdStrike EXPOSED IT, with their faulty update.
 

Easy Rhino

Linux Advocate
Staff member
Joined
Nov 13, 2006
Messages
15,577 (2.37/day)
Location
Mid-Atlantic
Kernel-level is what makes them able to detect/remove active malware so effectively. It's not AV per-se it's EDR.

e.g. CrowdStrike Detects Dell Driver Vulnerability CVE-2021-21551

@Easy Rhino
Falcon is a kernel extension/system extension on all supported platforms, from my understanding. It needs to be to be effective. No, it’s not an AV strictly speaking. It has nothing to do with developers of any OS. This is just a specific case where the Windows update package was shipped scuffed.

Right, it is EDR. But does Windows HAVE to install this at the kernel level to be as effective as say OSX or Linux installing it in userspace? That is an OS design decision, isn't it?
 
Joined
Mar 16, 2017
Messages
2,093 (0.75/day)
Location
Tanagra
System Name Budget Box
Processor Xeon E5-2667v2
Motherboard ASUS P9X79 Pro
Cooling Some cheap tower cooler, I dunno
Memory 32GB 1866-DDR3 ECC
Video Card(s) XFX RX 5600XT
Storage WD NVME 1GB
Display(s) ASUS Pro Art 27"
Case Antec P7 Neo
At least one of my local news stations has been down since 5:30 this morning. They reported on their website it's related to this issue. Whoboy, sure seems like a giant mess.
 
Joined
Nov 27, 2023
Messages
2,311 (6.42/day)
Right, it is EDR. But does Windows HAVE to install this at the kernel level to be as effective as say OSX or Linux installing it in userspace?
Why are you assuming that OSX or Linux install them in userspace? Hint: they don’t. Linux one is also a kernel driver and the OSX one is a system extension (analogous to kernel driver for OSX).

Perhaps i'm misinterpreting it, but it seems to me Windows Update had a problem, and CrowdStrike EXPOSED IT, with their faulty update.
WinUpdate has absolutely nothing to do with the issue at hand.
 

bug

Joined
May 22, 2015
Messages
13,755 (3.96/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Oh good, the Linux idiots have arrived to shit on things they have zero understanding of.
If you mean me, I originally replied to the part where you have to go in and manually delete some file. Only later I connected the dots to the PCs actually failing to boot. My bad.

(Fwiw, my only beef with Windows is that, as a software developer, I get it shoved down my throat because of AD, despite it being the worst pick of the bunch for actual software development. It's great for a lot of other things, I run both Win and Linux myself.)
 
Joined
Oct 11, 2006
Messages
1,073 (0.16/day)
Right, it is EDR. But does Windows HAVE to install this at the kernel level to be as effective as say OSX or Linux installing it in userspace?
Their Linux sensor is kernel mode or user mode, but the kernel needs to be recompiled with 5 additional flags for user mode to work.

CONFIG_BPF=y
CONFIG_BPF_SYSCALL=y
CONFIG_DEBUG_INFO_BTF=y
CONFIG_BPF_EVENTS=y
CONFIG_BPF_JIT=y

CrowdStrike Falcon Sensor - Red Hat Ecosystem Catalog

With macOS 10.15.x, Apple announced that they will no longer support kernel extensions (kext) for third-party developers.

CrowdStrike completely re-wrote the macOS sensor from the ground up for Catalina to use the user-mode APIs.
 
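A pre-deployment check for the Linux case described in the post above, added here as an example; it is not CrowdStrike's script or the poster's. It reads the running kernel's build config from the usual locations and reports which of the five quoted CONFIG options are not built in. It is written for pwsh on the Linux host so the same tooling can run on both sides of the fleet; the file paths are the standard distro ones, nothing else is assumed.

```powershell
# Added example, not CrowdStrike's or the poster's code. Verifies that a Linux
# kernel exposes the BPF options the user-mode (eBPF) sensor depends on.
# Run with pwsh on the Linux host.
$Required = @(
    'CONFIG_BPF',
    'CONFIG_BPF_SYSCALL',
    'CONFIG_DEBUG_INFO_BTF',
    'CONFIG_BPF_EVENTS',
    'CONFIG_BPF_JIT'
)

function Get-KernelConfig {
    # Returns the config as text lines; distro kernels ship it under /boot,
    # kernels built with CONFIG_IKCONFIG_PROC expose it as /proc/config.gz.
    $bootCfg = "/boot/config-$(uname -r)"
    if (Test-Path $bootCfg) { return Get-Content $bootCfg }
    if (Test-Path /proc/config.gz) { return (& zcat /proc/config.gz) }
    throw "No kernel config found at $bootCfg or /proc/config.gz"
}

function Get-MissingBpfOptions([string[]]$ConfigLines) {
    # An option only counts when built in ("=y"); "=m" or "# ... is not set" fails.
    $present = @{}
    foreach ($line in $ConfigLines) {
        if ($line -match '^(CONFIG_[A-Z0-9_]+)=y$') { $present[$Matches[1]] = $true }
    }
    return @($Required | Where-Object { -not $present.ContainsKey($_) })
}

$missing = Get-MissingBpfOptions (Get-KernelConfig)
if ($missing.Count -eq 0) {
    Write-Output 'Kernel has the BPF options required for the user-mode sensor.'
} else {
    Write-Output "Missing (rebuild the kernel or stay on the kernel-mode sensor): $($missing -join ', ')"
    exit 1
}
```

The reason this matters for the thread's question: an eBPF-based sensor is a set of programs the kernel's verifier checks before loading, so a bad program fails to load rather than taking the kernel down with it, whereas a kernel-mode driver runs with no such safety net on either Windows or Linux.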

Easy Rhino

Linux Advocate
Staff member
Joined
Nov 13, 2006
Messages
15,577 (2.37/day)
Location
Mid-Atlantic
Why are you assuming that OSX or Linux install them in userspace? Hint: they don’t. Linux one is also a kernel driver and the OSX one is a system extension (analogous to kernel driver for OSX).

Interesting. So it's a Microsoft problem then because OSX and Linux are not impacted.
 
Joined
Jun 11, 2017
Messages
275 (0.10/day)
Location
Montreal Canada
Ahhhh, remember when all computers had the tap-F8 menu to boot into safe mode? Then Microsoft removed this feature on all computers since Windows 8, 10 and 11. Remember that good ole Last Known Good Configuration.

I have it enabled on all our machines on the network just in case something like this happens. I think ahead.
bcdedit /set {default} bootmenupolicy legacy

It works on all systems, even ones with Secure Boot. It does not affect the boot process at all; it's just there for emergencies when you need it most.

All the people in my life that called, I just said tap F8, wait for the menu, and then go to Last Known Good Config. All working fine now.

Cheers all
 
Joined
Nov 27, 2023
Messages
2,311 (6.42/day)
Interesting. So it's a Microsoft problem then because OSX and Linux are not impacted.
No. It’s a CrowdStrike problem. The packages for different OS are different. That should be obvious. They scuffed the Windows one. That’s all there is to it. Stop it already with the “blame MS regardless of the situation”, it’s tiresome. They have plenty of reasons to be mad at, but this isn’t one.
 

Easy Rhino

Linux Advocate
Staff member
Joined
Nov 13, 2006
Messages
15,577 (2.37/day)
Location
Mid-Atlantic
No. It’s a CrowdStrike problem. The packages for different OS are different. That should be obvious. They scuffed the Windows one. That’s all there is to it. Stop it already with the “blame MS regardless of the situation”, it’s tiresome. They have plenty of reasons to be mad at, but this isn’t one.

Calm down. I think you are upset. I am not blaming M$, I am trying to figure out what happened...
 
Joined
Dec 6, 2022
Messages
381 (0.53/day)
Location
NYC
System Name GameStation
Processor AMD R5 5600X
Motherboard Gigabyte B550
Cooling Artic Freezer II 120
Memory 16 GB
Video Card(s) Sapphire Pulse 7900 XTX
Storage 2 TB SSD
Case Cooler Master Elite 120
So far, the solution needs to be done on each endpoint.

But since many of those have BitLocker enabled, you need to access AD for each one, but…those servers hosting the keys are also down.

There will be a lot of reimaged PCs.

About the Win vs Linux vs MacOS, I think that only Windows allows such access to the kernel, hence why anticheat rootkits can't run in Linux when using Proton for Win games.
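The BitLocker problem in the post above is the one a practitioner can prepare for: recovery passwords escrowed in AD are stored as msFVE-RecoveryInformation objects under each computer object, and they can be pulled out to an offline copy before the domain controllers are the machines that will not boot. The following is an added example, not the poster's procedure or anything from CrowdStrike. It needs the ActiveDirectory RSAT module and read access to those objects (delegated or Domain Admin); the search base and output path are assumptions to adjust.

```powershell
# Added example, not from the thread. Exports every BitLocker recovery password
# escrowed in AD for one OU to a CSV, so helpdesk can unlock drives while the
# domain controllers themselves are unreachable. Assumed values: the OU and path.
Import-Module ActiveDirectory

$searchBase = 'OU=Workstations,DC=example,DC=com'   # assumption: your workstation OU
$outFile    = 'C:\secure\bitlocker-keys.csv'        # assumption: write to encrypted removable media

Get-ADComputer -Filter * -SearchBase $searchBase | ForEach-Object {
    $computer = $_
    # Recovery information objects are children of the computer object.
    Get-ADObject -Filter { objectClass -eq 'msFVE-RecoveryInformation' } `
                 -SearchBase $computer.DistinguishedName `
                 -Properties 'msFVE-RecoveryPassword', 'msFVE-RecoveryGuid', 'whenCreated' |
    ForEach-Object {
        [pscustomobject]@{
            Computer         = $computer.Name
            # The GUID shown on the BitLocker recovery screen as the "Recovery key ID"
            RecoveryKeyId    = [guid]::new([byte[]]$_.'msFVE-RecoveryGuid').Guid
            RecoveryPassword = $_.'msFVE-RecoveryPassword'
            Created          = $_.whenCreated
        }
    }
} | Sort-Object Computer, Created | Export-Csv -Path $outFile -NoTypeInformation
```

Match the machine by the key ID rather than by hostname alone: a computer that has been re-encrypted or re-imaged can have several recovery objects, and the recovery screen shows the ID of the one it wants. The resulting file unlocks every disk in the OU, so store and destroy it with the same care as a password vault export.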
 
Joined
Nov 27, 2023
Messages
2,311 (6.42/day)
@Easy Rhino
The only thing I am upset at is abysmal levels of reading comprehension on a tech enthusiast site, honestly. In general, not with you personally. What happened is clear. CrowdStrike even published a statement. Of course, what EXACTLY has been scuffed in the package wasn’t disclosed for obvious security reasons.
 
Joined
Jan 3, 2021
Messages
3,482 (2.46/day)
Location
Slovenia
Here's where I am unable to connect the dots, please help me:
1. A corrupted boot loader causes a BSOD (without rebooting, I assume)
2. But the corrupted boot loader doesn't prevent the PC from booting in safe mode.
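The missing dot between the two points above is the safe-mode allow-list: in safe mode Windows loads only the drivers, driver files and load-order groups listed under HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal (SafeBoot\Network for safe mode with networking), so a third-party driver that is set to load at boot and crashes is simply not started there. The script below is an added example, not the poster's or CrowdStrike's; it lists the kernel-mode drivers configured to load at Boot or System start on a Windows host and flags whether the allow-list would let each one load in safe mode. No identifiers beyond the documented registry keys are assumed.

```powershell
# Added example, not from the thread. Run elevated on the Windows host.
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$safeBootKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal'

# Entries under SafeBoot\Minimal are service names, driver file names or load-order groups.
$safeList = Get-ChildItem $safeBootKey | ForEach-Object { $_.PSChildName.ToLowerInvariant() }

function Test-SafeBootAllowed($Name, $Group, $ImagePath) {
    $candidates = @($Name, $Group)
    if ($ImagePath) { $candidates += Split-Path $ImagePath -Leaf }
    foreach ($c in $candidates) {
        if ($c -and ($safeList -contains $c.ToLowerInvariant())) { return $true }
    }
    return $false
}

Get-ChildItem $servicesKey | ForEach-Object {
    $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
    # Type 1 = kernel driver, 2 = file-system driver; Start 0 = Boot, 1 = System.
    if ($null -eq $p.Start -or $p.Start -gt 1 -or $p.Type -notin @(1, 2)) { return }
    [pscustomobject]@{
        Driver      = $_.PSChildName
        Start       = @('Boot', 'System')[$p.Start]
        Group       = $p.Group
        ImagePath   = $p.ImagePath
        LoadsInSafe = Test-SafeBootAllowed $_.PSChildName $p.Group $p.ImagePath
    }
} | Sort-Object LoadsInSafe, Driver | Format-Table -AutoSize
```

The rows with LoadsInSafe False are the drivers a bad update can take out of normal boot without taking out safe mode; that is the gap the "boot to safe mode and delete the file" fix relies on. The same list also shows which third-party code runs before any user-mode protection does, which is worth reviewing on its own.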
 
Joined
Oct 11, 2006
Messages
1,073 (0.16/day)
Interesting. So it's a Microsoft problem then because OSX and Linux are not impacted.
I think they're separate code bases, so they wouldn't have been affected regardless.
 

Easy Rhino

Linux Advocate
Staff member
Joined
Nov 13, 2006
Messages
15,577 (2.37/day)
Location
Mid-Atlantic
@Easy Rhino
The only thing I am upset at is abysmal levels of reading comprehension on a tech enthusiast site, honestly. In general, not with you personally. What happened is clear. CrowdStrike even published a statement. Of course, what EXACTLY has been scuffed in the package wasn’t disclosed for obvious security reasons.

The information is still fresh for most people waking up on the east coast of the US. Plus, most people here are just into overclocking and gaming and are not really into the whole enterprise security scene. It is important to not jump to conclusions about motives when people ask questions.

Uhh? Why would you write it's a Microsoft problem if you're not considering them responsible or putting the blame on them?

It is called "making a statement" which invites a response for clarity. I am not afraid to be wrong like some people.
 
Joined
Oct 11, 2006
Messages
1,073 (0.16/day)
Uhh? Why would you write it's a Microsoft problem if you're not considering them responsible or putting the blame on them?
TBF if Microsoft offered user-mode APIs into kernel events, it wouldn't be necessary to install a kernel driver.
 