Good morning,

executive summary: if this is not a supply-chain attack, the people
responsible for distributing the updates should go and hide... far, far
away.  We await updates.

A bad day today for sysadmins who use CrowdStrike's "Falcon Sensor" on
MS Windows... and for all the users of the (many, too many!) services
managed by such systems.

The impact on the very many services in many parts of the world is still
unclear, but it is already enough to cause unspeakable disruption to news
media, transport and healthcare: https://en.wikipedia.org/wiki/July_2024_global_cyber_outages

The cause is by now practically certain: the (buggy) update to
CrowdStrike's "Falcon Sensor" (from The Empire Strikes Back series, aka
Star Wars: Episode V :-O ).

https://www.theregister.com/2024/07/19/crowdstrike_falcon_sensor_bsod_incident/
«CrowdStrike code update bricking PCs around the world»
[2024-07-19 Fri 10:27]

--8<---------------cut here---------------start------------->8---

UPDATED An update to a product from infosec vendor CrowdStrike is
bricking computers running Windows.

/The Register/ has found numerous accounts of Windows 10 PCs crashing,
displaying the Blue Screen of Death, then being unable to reboot.

“We're seeing BSOD Org wide that are being caused by csagent.sys, and
it's taking down critical services. I'll open a ticket, but this is a
big deal,” [wrote] one user.

Forums [report] that Crowdstrike has issued an advisory with a URL
that includes the text
"Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19" – but
it's behind a regwall that only customers can access.

An apparent [screenshot] of that article reads "CrowdStrike is aware
of reports of crashes on Windows hosts related to the Falcon
Sensor. Symptoms include hosts experiencing a bugcheck\blue screen
error related to the Falcon Sensor."

CrowdStrike's engineers are working on the issue.

Falcon Sensor is an agent that CrowdStrike [claims] "blocks attacks on
your systems while capturing and recording activity as it happens to
detect threats fast."

Right now, however, the sensor appears to be the threat.

Updated at 0730 UTC to add Brody Nisbet, CrowdStrike's chief threat
hunter, has confirmed the issue and on X [posted] the following:

There is a faulty channel file, so not quite an update. There is a
workaround… 1. Boot Windows into Safe Mode or WRE. 2. Go to
C:\Windows\System32\drivers\CrowdStrike 3. Locate and delete file
matching "C-00000291*.sys" 4. Boot normally.

In a later post he wrote "That workaround won't help everyone though
and I've no further actionable help to provide at the minute".

More to come as the situation evolves …

[CrowdStrike code update bricking PCs around the world]
<https://www.theregister.com/2024/07/19/crowdstrike_falcon_sensor_bsod_incident/>

[wrote] <https://twitter.com/McCurdy1987/status/1814164537815585049>

[report]
<https://www.reddit.com/r/crowdstrike/comments/1e6vmkf/bsod_error_in_latest_crowdstrike_update/>

[screenshot]
<https://twitter.com/Xaaavier_8613/status/1814180533108400569>

[claims]
<https://www.crowdstrike.com/products/trials/try-falcon-prevent/>

[posted] <https://x.com/brody_n77/status/1814185935476863321>

--8<---------------cut here---------------end--------------->8---

Regards, 380°

-- 
380° (Giovanni Biscuolo public alter ego)

«We, incompetent as we are,
 have no standing to suggest anything»

Disinformation flourishes because many people care deeply about injustice
but very few check the facts.  Ask me about <https://stallmansupport.org>.
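The workaround quoted in the forwarded article (boot into Safe Mode or WinRE, then delete the file matching "C-00000291*.sys" under C:\Windows\System32\drivers\CrowdStrike), written out as a PowerShell script. This is an added example, not CrowdStrike's tooling and not code from the original message; the script name, the -SystemDrive parameter and the quarantine folder are my own choices. It assumes an elevated PowerShell session on the affected host. Two caveats a practitioner will want: from WinRE the offline Windows volume is usually not mapped as C: (and $env:SystemDrive there points at the X: RAM disk), so pass -SystemDrive explicitly; and on BitLocker-protected hosts the recovery key is needed before the volume can be read at all. The script quarantines rather than deletes, and records a SHA-256 hash first, so the file can be restored or handed to the vendor for analysis.

```powershell
# Quarantine-FalconChannelFile.ps1 (hypothetical name, added example)
# Usage from Safe Mode:  .\Quarantine-FalconChannelFile.ps1 -WhatIf   (dry run)
#                        .\Quarantine-FalconChannelFile.ps1
# Usage from WinRE, where the offline Windows volume is e.g. D::
#                        .\Quarantine-FalconChannelFile.ps1 -SystemDrive D:
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: the host's Windows volume; override from WinRE.
    [string]$SystemDrive = $env:SystemDrive,
    # Pattern from the vendor workaround quoted in the article.
    [string]$Pattern = 'C-00000291*.sys'
)

$driverDir  = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
$quarantine = Join-Path $SystemDrive 'Quarantine\CrowdStrike'   # my choice of location

if (-not (Test-Path -LiteralPath $driverDir)) {
    throw "Falcon driver directory not found: $driverDir (wrong drive letter from WinRE?)"
}

# Only match regular files directly in the driver directory; no recursion.
$hits = Get-ChildItem -LiteralPath $driverDir -Filter $Pattern -File
if (-not $hits) {
    Write-Host "No files matching $Pattern in $driverDir; nothing to do."
    return
}

foreach ($f in $hits) {
    # Record hash and timestamp before touching the file: evidence for the
    # incident timeline and for comparison with the vendor's corrected file.
    $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    Write-Host ("{0}  {1}  {2:u}" -f $hash, $f.Name, $f.LastWriteTimeUtc)

    if ($PSCmdlet.ShouldProcess($f.FullName, "Move to $quarantine")) {
        New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
        Move-Item -LiteralPath $f.FullName -Destination $quarantine
        Write-Host "Quarantined $($f.Name) -> $quarantine"
    }
}

Write-Host "Done. Reboot normally; if the BSOD persists, this workaround does not apply to this host."
```

Run it once with -WhatIf to see which files would be moved before touching a production host, and keep the printed hashes with the incident record.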
