TECH NEWS – Crowdstrike may never get out of the hole it’s in after a seemingly innocent update caused major outages in several industries around the world.
Microsoft says that only 1% of devices running Windows were affected by the bug. That is still 8.5 million machines, which no doubt meant some uncomfortable hours (or days) for sysops and system admins, and the Redmond-based tech giant has sent hundreds of engineers and experts to its partners to help restore systems and services, The Verge reports. Microsoft is also working with Crowdstrike on a solution. But what caused all this?
At the heart of the bug was a configuration file in Crowdstrike’s Falcon platform update. This caused a logical error that resulted in an infinite blue screen of death (BSOD) loop on PCs running Falcon. The company fixed this in an update, and Microsoft has developed a special recovery tool to remove the buggy update. The original update was designed to target malicious, newly observed pipes in C2 frameworks commonly used in cyberattacks. Instead, it broke the entire infrastructure. Before Microsoft’s tool was released, administrators had to reboot affected devices to manually remove the buggy file in Safe Mode or Recovery.
It is fair to ask how such an update could have found its way onto major systems. David W. Plummer, a former Microsoft engineer, explained how the debugging and testing processes were very different in his day. The current bug was caused by a Crowdstrike driver that passed WHQL testing but still had the potential to download and execute code that Microsoft had not validated. So a rogue driver could hack entire systems.
How we did this in the old days:
When I was on Windows, this was the type of thing that greeted you every morning. Every. Single. Morning. You see, we all had a secondary “debug” PC, and each night we’d run NTStress on all of them, and all the lab machines. NTStress would…
— Dave W Plummer (@davepl1968) July 20, 2024
It turns out that Crowdstrike’s buggy Falcon also affects Linux, and there was even a bug in mid-June. Red Hat has identified Crowdstrike’s software as the cause of a kernel panic (the Linux equivalent of the Windows BSOD), and The Register reports that older Falcon updates treated Debian and Rocky Linux similarly.
They got lazy about testing. That’s why this happened.
Source: PCGamer