Last Friday, an update released by CrowdStrike caused serious problems on 8.5 million Windows devices worldwide. Although Microsoft stated that this number constitutes less than one percent of all Windows devices, the technical glitches caused widespread problems in many sectors such as retail, banking and aviation.
CrowdStrike made a technical statement after this incident and explained in detail why the problem occurred and why so many systems were affected. At the heart of the problem are the configuration files used in the Falcon sensor’s behavioral protection mechanisms.
Source of the CrowdStrike problem: Configuration files
According to CrowdStrike’s statement, configuration files that determine how the Falcon sensor evaluates certain operations in the operating system were shown to be the main cause of this problem. These files are updated several times a day by CrowdStrike in response to new tactics, techniques, and procedures. However, a sensor configuration update released on July 19, 2024 at 07:09 UTC triggered a logic error, causing a system crash and Blue Screen of Death (BSOD) error.
The impact of the problem was quite wide. Systems running Windows 7.11 and above were subject to this crash if they downloaded this update between 07:09 and 08:27 ET. The update was forcibly pushed to all computers, even those with settings configured to prevent automatic updates.
Security researcher and Objective-See founder Patrick Wardle stated in his analysis of the problem that the file named “C-00000291” triggers a logic error that crashes the operating system. According to Wardle, this crash, which occurred through the CSAgent.sys file, caused one of the critical components of the Windows operating system to malfunction.
CrowdStrike intervened quickly to resolve the issue and keep users from running into further problems. However, the incident has shaken the trust of companies and individuals in digital security systems. Particularly in sectors that handle sensitive data, such as large companies and financial institutions, such technical glitches can have serious consequences.
Source link: https://www.teknoblog.com/crowdstrike-hatali-guncellemesi-85-windows-sistemini-cokertti/