<a href="https://cyberplace.social/@GossiTheDog/112812260542179660" rel="nofollow">https://cyberplace.social/@GossiTheDog/112812260542179660</a><p>> I've obtained copies of the .sys driver files Crowdstrike customers have. They're garbage. Each customer appears to have a different one.<p><a href="https://cyberplace.social/@GossiTheDog/112812454405913406" rel="nofollow">https://cyberplace.social/@GossiTheDog/112812454405913406</a><p>> The .sys files causing the issue are channel update files, they cause the top level CS driver to crash as they're invalidly formatted. It's unclear how/why Crowdstrike delivered the files and I'd pause all Crowdstrikes updates temporarily until they can explain.
It's a CrowdStrike update file with a bug in it, from what I gather. This makes your Windows machine go blue screen and stop working as it starts up. If you manage to remove it by various methods, it doesn't run and you're fine.<p>More informed people will give you more details, but this kind of AV software often has privileged access to the OS, so it can scan your files. The same privileged access also means it can really mess things up if it's not well tested.<p>By contrast, your ordinary Python or VBA script should not be able to blue screen your machine, especially not during startup.
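The failure the comments above describe, a privileged driver crashing on an invalidly formatted update file, is what strict validation of the file in the loader is meant to prevent. The following is an added example, not CrowdStrike's code or channel-file format: the header layout, magic value, record structure and sample bytes are all constructed for illustration.

```c
/* Added example, hypothetical format: a "channel file" with a 4-byte header
 * (magic, record count) followed by records of (length, payload). A parser
 * that trusted count and length fields would read past the buffer on a
 * malformed file; this one rejects the file instead of dereferencing. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define CHANNEL_MAGIC 0x4843u  /* constructed value, little-endian "CH" */

/* Returns the number of records parsed, or -1 if the file is rejected. */
int parse_channel_file(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 4) return -1;        /* header must be present */
    uint16_t magic = (uint16_t)(buf[0] | buf[1] << 8);
    uint16_t count = (uint16_t)(buf[2] | buf[3] << 8);
    if (magic != CHANNEL_MAGIC) return -1;        /* e.g. an all-zero file */
    size_t off = 4;
    for (uint16_t i = 0; i < count; i++) {
        if (len - off < 2) return -1;             /* truncated record header */
        uint16_t rlen = (uint16_t)(buf[off] | buf[off + 1] << 8);
        off += 2;
        if (rlen == 0 || rlen > len - off) return -1; /* length exceeds buffer */
        /* payload buf[off .. off+rlen) is now known to be in bounds */
        off += rlen;
    }
    return count;
}

/* Constructed sample inputs (not real channel-file contents). */
static const uint8_t good_file[] = {0x43, 0x48, 0x02, 0x00,
                                    0x03, 0x00, 'a', 'b', 'c',
                                    0x01, 0x00, 'z'};
static const uint8_t zero_file[12] = {0};                 /* bad magic */
static const uint8_t oversize_file[] = {0x43, 0x48, 0x01, 0x00,
                                        0xff, 0xff, 'a'}; /* rlen 65535, 1 byte present */

int parse_good(void)     { return parse_channel_file(good_file, sizeof good_file); }
int parse_zero(void)     { return parse_channel_file(zero_file, sizeof zero_file); }
int parse_oversize(void) { return parse_channel_file(oversize_file, sizeof oversize_file); }

int main(void)
{
    printf("good=%d zero=%d oversize=%d\n", parse_good(), parse_zero(), parse_oversize());
    return 0;
}
```

In kernel mode the same rejection path would log the bad file and keep the previous known-good one, rather than taking the fault at boot.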
On another note, I know nothing about cybersec, but is there a reason why antivirus on Windows runs at ring 0, while I read that on Linux and Mac they don't have kernel-level access?
Just kernel drivers. To know what is inside, you can disassemble them with <a href="https://github.com/NationalSecurityAgency/ghidra">https://github.com/NationalSecurityAgency/ghidra</a>
Hm, is there any website that explains why C-00000291*.sys caused the widespread BSODs? For example, was it some kind of definition file that was accessing invalid memory locations?
New to IT, but this sure seems like a huge security risk. Even though the CEO and others have said otherwise. People who are more experienced, please let me know if I am wrong.
Wouldn't want to be the guy who pushed this particular commit. It's ironic that the company that is supposed to prevent this sort of thing causes the biggest worldwide outage ever. Crowdstrike is finished. Let's hope this will result in at least a small increase in desktop Linux market share.
How is the * (star / asterisk) character allowed in the file name?<p>I thought such characters are forbidden by Windows.<p><a href="https://learn.microsoft.com/en-us/windows/win32/fileio/naming-a-file" rel="nofollow">https://learn.microsoft.com/en-us/windows/win32/fileio/namin...</a><p>How did the tool even manage to create such a file?