That CrowdStrike IT world outage

Retro

Founder
Staff Member
Joined
4 Jun 2021
Messages
5,611 (4.51/day)
When I woke up this morning to the news of this massive global IT outage, I was sure it was a cyberattack, especially given the timing of Zelensky visiting the UK today and Trump's inflammatory presidential nomination acceptance speech overnight. However, it turned out instead to be some dodgy little update from CrowdStrike that took everything out! It wasn't even meant to be a very important update, hence it wasn't tested as thoroughly as others, which is why it wasn't caught before release. Seriously, if this had been a movie plot, one would have said nah, too implausible, yet here we are, with the continuing aftermath of this royal cockup. Let's see how it develops.

Cyber-security firm Crowdstrike has admitted that the problem was caused by an update to its antivirus software, which is designed to protect Microsoft Windows devices from malicious attacks.

Microsoft has said it is taking "mitigation action" to deal with "the lingering impact" of the outage.



Geffers

Linux enthusiast
Joined
1 Jul 2021
Messages
558 (0.46/day)
When I woke up this morning to the news of this massive global IT outage, I was sure it was a cyberattack, especially given the timing of Zelensky visiting the UK today and Trump's inflammatory presidential nomination acceptance speech overnight.
Trump's fault :cool:
 

Astro What

Well-known member
Joined
6 Jun 2024
Messages
247 (1.68/day)
I wish I could pin this one on him, lol.
Hey, he did fire the top election security expert (Krebs), who was good at what he did.... because he had the temerity to say that the election was one of the most secure in history, and that went against the fairy-tale of massive fraud that Trump was banging the toy drum over. But Krebs didn't have anything to do with regular worldwide computer security... but his firing does show a disturbing trend.

As for this latest SNAFU (the acronym), this is not the first time an update from a software provider has caused massive issues. It just happens that it was one of the largest so far, since more and more companies are becoming reliant on a smaller pool of providers. And once more it was because of sloppy QC on the part of a company. From some of the stuff I've read, they didn't adequately check the "update" before they pushed it out.
Microsoft has also been a victim of this type of lack of quality assurance when pushing out updates. So has IBM.
So it's not limited to any particular company. It's just telling how quickly being lazy/sloppy in your QC can affect so many people so quickly.


Mac and Linux users weren't affected by this.
Not directly, no. And not even on my desktop machines.
It's been estimated that it only affected about 1% of existing Windows computers.
 

Retro

Founder
Staff Member
Joined
4 Jun 2021
Messages
5,611 (4.51/day)
Dave explains in fascinating technical detail what actually happened to cause all those blue screens.

Watching this, one gets a better sense of how malware can generally compromise a system if it gets into the wrong places.


live627

Well-known member
Joined
12 Jul 2022
Messages
315 (0.37/day)
Just came here to post that. I don't quite understand why that software needs kernel-level access. Or maybe I should actually learn what it is first.
 

Retro

Founder
Staff Member
Joined
4 Jun 2021
Messages
5,611 (4.51/day)
It's antivirus software so it needs to work at the lowest level. The video is well worth watching.
 

live627

Well-known member
Joined
12 Jul 2022
Messages
315 (0.37/day)
Oh, I see. Found some delicious nerdy details, programmer approved:

CrowdStrike needs kernel space to override syscalls like reading files, mmap, etc. Rootkits and other malware will rewrite syscalls as well. There is no way to intercept calls/access memory for other processes in userspace, and AV is perpetually trying to be "on top", hence the kernel-mode drivers. All AV works like this - once it's hooked in, processes that e.g. read files will be accessing it through a rewritten fopen() syscall that goes through CrowdStrike's driver.
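The quoted explanation is why a bad data file can take a whole machine down rather than one program: code running in a kernel-mode driver has no process boundary to contain its mistakes. The following is an added illustration, not code from the thread, from CrowdStrike, or from Dave's video, and it does not use the real channel-file format (which the thread never describes). It parses a constructed, length-prefixed record layout with every read checked against the buffer length, so a truncated or corrupted file produces an error code instead of a read past the end of memory. The record layout, the sample buffers and the `check_*` wrappers are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed stand-in for a driver-consumed content file. This is NOT
 * CrowdStrike's real channel-file layout, which the thread does not describe:
 *   byte 0       : record_count
 *   then records : [u8 length][length bytes of payload] ...
 */

#define MAX_RECORDS 16

typedef struct {
    const uint8_t *data;   /* points into the caller's buffer */
    size_t len;
} record_t;

/*
 * Parse records out of buf. Returns the number of records on success,
 * or -1 if the input is malformed. Every read is checked against buf_len
 * before it happens, so a truncated or corrupted file yields an error code
 * instead of a read beyond the buffer. In user space that read would at
 * worst crash one process; in a kernel-mode driver it crashes the machine,
 * which is why none of these checks are optional there.
 */
int parse_records(const uint8_t *buf, size_t buf_len,
                  record_t *out, size_t max_out)
{
    if (buf == NULL || buf_len < 1)
        return -1;                              /* no header byte */

    size_t count = buf[0];
    if (count > max_out)
        return -1;                              /* would overflow out[] */

    size_t pos = 1;
    for (size_t i = 0; i < count; i++) {
        if (pos >= buf_len)
            return -1;                          /* length byte missing */
        size_t rec_len = buf[pos++];
        if (rec_len > buf_len - pos)
            return -1;                          /* payload truncated */
        out[i].data = buf + pos;
        out[i].len = rec_len;
        pos += rec_len;
    }
    return (int)count;
}

/* Constructed sample inputs: one well-formed file and three broken ones. */
static const uint8_t SAMPLE_OK[]        = { 2, 3, 'a', 'b', 'c', 1, 'x' };
static const uint8_t SAMPLE_TRUNCATED[] = { 2, 3, 'a', 'b', 'c', 5, 'x' }; /* 2nd record claims 5 bytes, 1 present */
static const uint8_t SAMPLE_SHORT[]     = { 2, 1, 'a' };                   /* header promises 2 records, 1 present */
static const uint8_t SAMPLE_BIGCOUNT[]  = { 200 };                         /* more records than out[] can hold */

/* Wrappers so each case can be checked by return value. */
int check_ok(void)
{
    record_t recs[MAX_RECORDS];
    int n = parse_records(SAMPLE_OK, sizeof SAMPLE_OK, recs, MAX_RECORDS);
    /* expect 2 records: "abc" and "x" */
    if (n == 2 && recs[0].len == 3 && recs[1].len == 1 && recs[1].data[0] == 'x')
        return n;
    return -2;
}

int check_truncated(void)
{
    record_t recs[MAX_RECORDS];
    return parse_records(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, recs, MAX_RECORDS);
}

int check_short(void)
{
    record_t recs[MAX_RECORDS];
    return parse_records(SAMPLE_SHORT, sizeof SAMPLE_SHORT, recs, MAX_RECORDS);
}

int check_bigcount(void)
{
    record_t recs[MAX_RECORDS];
    return parse_records(SAMPLE_BIGCOUNT, sizeof SAMPLE_BIGCOUNT, recs, MAX_RECORDS);
}

int check_empty(void)
{
    record_t recs[MAX_RECORDS];
    return parse_records(SAMPLE_OK, 0, recs, MAX_RECORDS);   /* zero-length file */
}

int main(void)
{
    printf("ok=%d truncated=%d short=%d bigcount=%d empty=%d\n",
           check_ok(), check_truncated(), check_short(),
           check_bigcount(), check_empty());
    return 0;
}
```

The well-formed sample parses to 2 records; each of the broken samples returns -1 before any out-of-range byte is touched. The same structure (validate the header, then bounds-check every length before using it) applies to any component that consumes files pushed to it by an update channel, whatever the actual format.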
 

Retro

Founder
Staff Member
Joined
4 Jun 2021
Messages
5,611 (4.51/day)
Dave has an update on the CrowdStrike issue.
