CrowdStrike Explains What Caused the Worldwide BSOD Chaos!

Last week, the world was caught off guard by the number of Windows devices showing the blue screen of death (BSOD) error, with Microsoft reporting that at least 8.5 million Windows PCs worldwide were affected by this issue. As a result, numerous professions were disrupted, including those in aviation, health, education, and banking, and all Windows systems that use the Falcon Sensor Agent were affected.

While CrowdStrike and Microsoft have proposed solutions, the confusion creates an opportunity for hackers to publish fake manuals and even malware that would undoubtedly affect users.

So, what exactly caused this mess? CrowdStrike has acknowledged the cause of the turmoil, stating that the Rapid Response Content update exposed a flaw in the InterProcess Communication (IPC) Template, which was wrongly validated during testing. The faulty IPC Template is to blame for all of this mess.

Here is a timeline and summary of the cause of the chaos, as reported by CrowdStrike's official sources:

What happened?

CrowdStrike deployed a content configuration update for Windows sensors on Friday, July 19, 2024, at 04:09 UTC, as part of normal activities to collect data on potential new attack tactics.

This update is a standard component of the Falcon platform's dynamic protection features. Unfortunately, this Rapid Response Content configuration update caused Windows computers to crash.

Windows hosts using sensor version 7.11 or above that went online between Friday, July 19, 2024, 04:09 UTC and Friday, July 19, 2024, 05:27 UTC, and received the update are among those affected. Mac and Linux hosts are unaffected.

The issue in the content configuration update was fixed on Friday, July 19, 2024, at 05:27 UTC. Systems that went live after this time or were not connected at this time are unaffected.

What went wrong, and why?

CrowdStrike provides security content configuration updates to sensors in two ways: sensor content, which is sent directly with the sensors, and rapid response content, which is meant to respond to changes in the threat landscape at operational speed.

The problem on Friday was caused by an undetected fault in a Rapid Response Content update.

In brief, on July 19, 2024, two more IPC Template Instances were deployed. Due to a fault in the Content Validator, one of the two Template Instances passed validation despite containing incorrect content data.

This instance was deployed to production based on the testing done before the original deployment of the Template Type (on March 5, 2024), trust in the Content Validator's checks, and the previous successful deployment of the IPC Template Instance.

When the sensor received the content and loaded it into the Content Interpreter, the problematic content in Channel File 291 caused an out-of-bounds memory read, resulting in an exception. This unexpected exception was not handled correctly, resulting in a Windows operating system crash (BSOD).
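
The failure mode described above, content that passed validation yet drove a read past the supplied data, is contained when the interpreter itself checks every index and length at read time and rejects the content instead of raising an exception. The following is an added example, not CrowdStrike's code: the record layout, the function names `get_field` and `rule_matches`, and the sample bytes are all constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed record layout (an assumption for this example only):
 *   [u8 field_count] then field_count x ([u8 length][length bytes]) */
typedef enum { CONTENT_OK = 0, CONTENT_REJECTED = -1 } content_status;

/* Locate field `want`. Every index and length is checked against the
 * bytes actually supplied, so malformed content yields an error code
 * rather than an out-of-bounds read. */
content_status get_field(const uint8_t *buf, size_t len, unsigned want,
                         const uint8_t **out, size_t *out_len)
{
    if (buf == NULL || len < 1 || want >= buf[0])
        return CONTENT_REJECTED;            /* field was never declared */
    size_t pos = 1;
    for (unsigned i = 0; ; i++) {
        if (pos >= len)
            return CONTENT_REJECTED;        /* declared but not supplied */
        size_t flen = buf[pos++];
        if (flen > len - pos)
            return CONTENT_REJECTED;        /* length overruns the record */
        if (i == want) { *out = buf + pos; *out_len = flen; return CONTENT_OK; }
        pos += flen;
    }
}

/* Interpreter step: 1 = match, 0 = no match, -1 = content rejected.
 * The caller drops rejected content and keeps running. */
int rule_matches(const uint8_t *buf, size_t len, unsigned field,
                 const char *needle)
{
    const uint8_t *val;
    size_t vlen;
    if (get_field(buf, len, field, &val, &vlen) != CONTENT_OK)
        return -1;
    return vlen == strlen(needle) && memcmp(val, needle, vlen) == 0;
}

/* Constructed samples: both declare 3 fields, the second supplies only 2. */
const uint8_t SAMPLE_GOOD[]  = { 3, 2,'a','b', 1,'x', 3,'c','m','d' };
const uint8_t SAMPLE_SHORT[] = { 3, 2,'a','b', 1,'x' };
```

A rule that reads the third field of `SAMPLE_SHORT` gets a rejection code back, which the caller can log and skip, while the same rule over `SAMPLE_GOOD` evaluates normally.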

About the Author: diabellstar
