Marcel Waldvogel on Nostr: My understanding of the #CrowdStrike root cause: They pushed out a defective "Channel ...
My understanding of the #CrowdStrike root cause:
They pushed out a defective "Channel file" (some kind of config?) to #FalconSensor customers. This gets uploaded to CrowdStrike's Windows kernel module, which fails to perform correct bounds checking. The resulting #BufferOverflow results in a crash of the kernel module and thus the entire system. Correct?
#BSOD
Published at 2024-07-19 13:28:27

Event JSON
{
"id": "be300c244825df123da5b47ace4764af857efed481ee0c13a0f1f7cee13ff3b2",
"pubkey": "0b1ce4e1dc8078e24b62bd25fbc4d87922afb08441e75a2d90029db566166389",
"created_at": 1721395707,
"kind": 1,
"tags": [
[
"t",
"crowdstrike"
],
[
"t",
"falconsensor"
],
[
"t",
"bufferoverflow"
],
[
"t",
"bsod"
],
[
"proxy",
"https://waldvogel.family/users/marcel/statuses/112813389057850858",
"activitypub"
]
],
"content": "My understanding of the #CrowdStrike root cause:\n\nThey pushed out a defective \"Channel file\" (some kind of config?) to #FalconSensor customers. This gets uploaded to CrowdStrike's Windows kernel module, which fails to perform correct bounds checking. The resulting #BufferOverflow results in a crash of the kernel module and thus the entire system. Correct?\n#BSOD",
"sig": "883f8f5ed3cdb4261736e06682807020715fd5246edbd0d9f3f84f033c602701491ae3e85547571619f977fbb2e64170a2ffa9460972c210a28d272c1ea2cbfc"
}