On 8/5/2024 12:30 PM, Roderick Klein via Freedos-user wrote:
It's not the driver! It has been dissected on various cyber security sites and confirmed by CrowdStrike that the problem is a typo in a configuration file for CrowdStrike's Falcon Sensor update installer. That causes a parsing error, which (and this shouldn't have happened in the first place) caused an abort in the startup process of Windows (and only that part is relevant from that video). And thus an endless reboot/blue screen loop, unless that faulty installer config file is manually removed and thus the installation of the intended update is skipped...

The way I understand it, it was a logic error in the driver, which should not have blown up in the first place. The driver should have done proper syntax checking. Or did I understand wrong?

https://www.youtube.com/watch?v=ZHrayP-Y71Q

Roderick
AGAIN, the July 19th issue (directly) was not a logic error in the driver, but an error/typo in one of the config files of an update that was erroneously pushed out with an update that day for the "Falcon Sensor", a vulnerability scanner supplied by CrowdStrike via "the cloud". The error in the driver was in the update procedure, which did not properly account for such a stupid error in the config file occurring. No update, no problem. That's why the issue COULD have been easily fixed, if one had immediate physical access to the affected machine, by removing that buggered config file. No config file, no update attempt, no crash.

What the videos keep ranting about is that this vulnerability scanner, due to the nature of its purpose, is loaded very early in the Windows boot process, by a specific API that Microsoft provides, which has those types of scanners as a very low level kernel "driver", as they need to be active that early in the boot process to detect things like rootkits, etc...

Here's, from a quick search, the best (short) description of the issue.
https://www.darkreading.com/endpoint-security/crowdstrike-crash-buggy-security-content-update


Ralf
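As an added illustration of the behaviour the two of you are arguing about (a driver that rejects a malformed pushed content file and keeps running on its previous configuration, instead of faulting during boot), here is example C code that is not from CrowdStrike, the Falcon Sensor, or anyone in this thread; the file layout, the function names and the sample bytes are constructed assumptions for the example:

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Hypothetical content-update layout (constructed for this example, not a real format):
 * "CFG1" magic | uint32 LE entry_count | entry_count x uint32 LE rule ids       */
#define CFG_HDR 8
#define CFG_MAX 64
typedef struct { uint32_t count; uint32_t ids[CFG_MAX]; } config_t;
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* 0 on success, -1 on any malformation; *out is untouched on failure. */
int parse_update_file(const uint8_t *buf, size_t len, config_t *out)
{
    config_t tmp = {0};
    if (!buf || !out || len < CFG_HDR || memcmp(buf, "CFG1", 4) != 0) return -1;
    uint32_t n = rd32(buf + 4);
    /* Declared count must be within limits and match the bytes actually present. */
    if (n > CFG_MAX || len - CFG_HDR != (size_t)n * 4) return -1;
    for (uint32_t i = 0; i < n; i++) {
        uint32_t id = rd32(buf + CFG_HDR + (size_t)i * 4);
        if (id == 0) return -1;               /* reserved id: reject the whole file */
        tmp.ids[i] = id;
    }
    tmp.count = n;
    *out = tmp;
    return 0;
}

/* Fail-safe update: a bad file is skipped and the previous config stays active.
 * Returns 1 if applied, 0 if skipped. */
int apply_update(const uint8_t *buf, size_t len, config_t *active)
{
    config_t candidate;
    if (parse_update_file(buf, len, &candidate) != 0) return 0;
    *active = candidate;
    return 1;
}

/* Constructed samples: a well-formed file and one whose last entry is truncated. */
static const uint8_t GOOD[] = {'C','F','G','1', 2,0,0,0, 1,0,0,0, 5,0,0,0};
static const uint8_t BAD[]  = {'C','F','G','1', 2,0,0,0, 1,0,0,0, 5,0,0};

/* Offer GOOD then BAD; returns the active entry count after both (2 if BAD was skipped). */
int demo_bad_update_keeps_previous(void)
{
    config_t active = {0};
    if (apply_update(GOOD, sizeof GOOD, &active) != 1) return -1;
    if (apply_update(BAD, sizeof BAD, &active) != 0) return -2;
    return (int)active.count;
}
```

The point is the ordering: the candidate is fully validated into a scratch copy before anything live is replaced, so a truncated or typo-ridden file can only ever be ignored, never half-applied.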
_______________________________________________
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user