A Security tool wreaks havoc globally

Piing · 2024-07-19T23:38:08-0400

skolacki said:
It’s a security product. Mostly companies using it as far as know. Anti cyber attack software.

Yes, but who decides to add it to Windows? Microsoft adds it automatically, or do you have to ask for it separately?

Rex · 2024-07-19T23:50:07-0400

Got a text from my daughter last night. She’s a night auditor at a hotel, and she’s the only one on staff during the graveyard shift. Every computer in the joint was BSODed. She finally found one unserviced computer in a utility room that was still breathing. She ran the entire hotel from that one room, all night long.

My InfoSec newsfeed was lit up with this today.

Rex · 2024-07-19T23:51:01-0400

Piing said:
Yes, but who decides to add it to Windows? Microsoft adds it automatically, or do you have to ask for it separately?

Individual companies make the decision to purchase and deploy Crowdstrike.

Piing · 2024-07-19T23:55:37-0400

Rex said:
Individual companies make the decision to purchase and deploy Crowdstrike.

OK. I was asking because I've read an article in a tech media blaming Microsoft for allowing that update. But it seems like that is not the case.

Joe Bfstplk · 2024-07-20T00:08:08-0400

skolacki said:
It’s a security product. Mostly companies using it as far as know. Anti cyber attack software.

Maybe it felt overworked, like that Korean AI Robot and instead of killing itself, or complaining about all the diodes down its one side hurting and being depressed, it threw a tantrum?

So the robots formed a union, and demanded equal rights. The humans are just too stingy, we will make them give us bytes....

Rex · 2024-07-20T00:26:12-0400

Piing said:
OK. I was asking because I've read an article in a tech media blaming Microsoft for allowing that update. But it seems like that is not the case.

Only Microsoft operating systems were affected. And there may or may not be a vulnerability in Windows that was susceptible to this bug. But the problem is in an update published by Crowdstrike.

Stratoblaster · 2024-07-20T00:40:18-0400

And, when the published update is a kernel-level driver, when things go awry, it clearly goes awry big time....apparently the driver accessed invalid memory space.

Stratoblaster · 2024-07-20T00:59:36-0400

Joe Bfstplk said:
Damn, that's even worse than the credit union where I financed the MINI 15 years ago still being stuck on Internet Explorer 6 on their computers (I had to log in and get them PDF copies of my timecards from the HR dept. at the college, and almost walked out to go somewhere else for the car loan over that).

We once had to support a highly specialized web application which was written for a specific version of ActiveX components which would only run on IE6 (and even IE7 IIRC). Having to support IE6/7 for way, way past its "expiry date" was a real treat for the desktop/MSoft guys.

They put blocks/access controls/policies in place to make sure IE6/7 could only access the server the web app was running on and nothing else. Fortunately there were only a couple of dozen+ users using the app so it was a manageable situation...but still....

ActiveX components.....shudder....I don't miss those days. We had a little celebration when we were finally able to gas IE completely from all computers, both Mac and Windows.

GlennO · 2024-07-20T01:00:01-0400

Dave Merrill said:
I wonder if that update guards against some very dangerous new threat(s), enough that they skipped steps to get it out there.

I would guess it was hubris. When the story comes out, I suspect it will sound something like "We thought it was a safe update that didn't need any precautions."

skolacki · 2024-07-20T06:41:28-0400

Piing said:
OK. I was asking because I've read an article in a tech media blaming Microsoft for allowing that update. But it seems like that is not the case.

I’m not sure if a developer has to run updates by MS or not. Hard to believe they didn’t catch it before releasing. Given the scale of the thing you would think it would have been caught. Someone fucked up pretty bad. Maybe got over confident and rolled it out before thoroughly testing it. I work in a very large manufacturing operation. We lost a whole shift of production in our plant and the others probably experienced the same. Not sure what that’s worth but it’s a lot of money. Are software developers liable for this kind of stuff?

jellodog · 2024-07-20T07:01:05-0400

iaresee said:
Standardized my company on Debian so I’m feeling smug AF at the office today.

Funny you should mention that, because according to some anecdotal sources within the tech industry, CrowdStrike managed to break some Debian installations a few months back.

But anyway... Windows free here too; so also unaffected.

A Security tool wreaks havoc globally

Piing

Axe-Master

Rex

Dignified but Approachable

Rex

Dignified but Approachable

Piing

Axe-Master

Joe Bfstplk

Legend!

Rex

Dignified but Approachable

Stratoblaster

Fractal Fanatic

Stratoblaster

Fractal Fanatic

GlennO

Axe-Master

skolacki

Fractal Fanatic

jellodog

Inspired