Some observations around the root cause analysis statement put out by CrowdStrike.
On July 19, 2024, a Rapid Response Content update was delivered to certain Windows hosts, evolving the new capability first released in February 2024. The sensor expected 20 input fields, while the update provided 21 input fields. In this instance, the mismatch resulted in an out-of-bounds memory read, causing a system crash. Our analysis, together with a third-party review, confirmed this bug is not exploitable by a threat actor.
Despite their statement that "As outlined in the RCA, this new sensor capability was developed and tested according to our standard software development processes," the failure scenario appears to be such a fundamental one that you would have thought this particular case would have been tripped over previously.
Be that as it may, part of the response to the failure is to "Prevent the creation of problematic Channel 291 files. Validation for the number of input fields has been implemented to prevent this issue from happening."
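The field-count mismatch and the count validation described above, as an added illustration. This is not CrowdStrike's code and is not taken from the RCA; the struct, the function names and the "*" wildcard convention are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SENSOR_FIELDS 20  /* input fields the sensor code supplies */

/* Hypothetical content record: one match pattern per input field. */
struct content_update {
    size_t field_count;
    const char *const *patterns;   /* "*" matches anything (assumed convention) */
};

static int field_matches(const char *pattern, const char *value) {
    return strcmp(pattern, "*") == 0 || strcmp(pattern, value) == 0;
}

/* Unchecked: trusts the update's own field count. With field_count == 21
   the last iteration reads inputs[20], past the end of a 20-entry array. */
int evaluate_unchecked(const struct content_update *u, const char *const *inputs) {
    for (size_t i = 0; i < u->field_count; i++)
        if (!field_matches(u->patterns[i], inputs[i]))
            return 0;
    return 1;
}

/* Checked: rejects (-1) any update whose field count differs from what
   the sensor supplies, before a single input is read. */
int evaluate_checked(const struct content_update *u,
                     const char *const *inputs, size_t n_inputs) {
    if (u == NULL || u->patterns == NULL || u->field_count != n_inputs)
        return -1;
    return evaluate_unchecked(u, inputs);
}

/* Constructed sample data: 20 sensor inputs, an update with N fields. */
int run_sample(size_t update_fields) {
    const char *inputs[SENSOR_FIELDS];
    const char *patterns[SENSOR_FIELDS + 1];
    for (size_t i = 0; i < SENSOR_FIELDS; i++) inputs[i] = "value";
    for (size_t i = 0; i <= SENSOR_FIELDS; i++) patterns[i] = "*";
    patterns[0] = "value";
    struct content_update u = { update_fields, patterns };
    return evaluate_checked(&u, inputs, SENSOR_FIELDS);
}

int main(void) {
    printf("20-field update: %d\n", run_sample(20));
    printf("21-field update: %d\n", run_sample(21));
    return 0;
}
```

The same count check belongs wherever content is built and tested as well as in the component that consumes it, so a mismatched file is rejected before it ships and again before it is evaluated.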
The incident has certainly ruffled feathers, and not just with their customers. Microsoft is none too pleased that allowing access to the operating system kernel has magnified the risk factor due to failures like this.