On 5-8-2024 at 23:47, Ralf Quint via Freedos-user wrote:
On 8/5/2024 12:30 PM, Roderick Klein via Freedos-user wrote:
It's not the driver! It has been dissected on various cyber security
sites and confirmed by CrowdStrike that the problem is a typo in a
configuration file for CrowdStrike's Falcon Sensor update installer.
That causes a parsing error, which (what shouldn't have happened in the
first place) caused an abort in the startup process of Windows (and
only that part is relevant from that video). And thus an endless
reboot/blue screen loop, unless that faulty installer config file is
manually removed and thus the installation of the intended update is
being skipped...
The way I understand it, it was a logic error in the driver, that should
not have blown up in the first place. The driver should have done
proper syntax checking. Or did I understand wrong?
https://www.youtube.com/watch?v=ZHrayP-Y71Q
Roderick
AGAIN, the July 19th issue (directly) was not a logic error in the
driver, but an error/typo in one of the config files of an update that
was erroneously pushed out with an update that day for the "Falcon
Sensor", a vulnerability scanner supplied by CrowdStrike via "the
cloud". The error in the driver was in the update procedure, that did
not properly account for such a stupid error in the config file to
occur. No update, no problem.
That's why the issue COULD have been easily fixed, if one had immediate
physical access to the affected machine, by removing that buggered
config file. No config file, no update attempt, no crash.
That's just the whole headache. Should a device driver, running at ring 0,
not have proper syntax checking instead of blowing up a system due to
a badly read config file?
Roderick
_______________________________________________
Freedos-user mailing list
Freedos-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/freedos-user