Microsoft has a great technical breakdown of the CrowdStrike incident. The root cause is an access violation in CrowdStrike’s kernel mode driver.
There are valid reasons for security software to run in the kernel but it causes such bugs to be fatal. Key takeaways
1. It’s unlikely Microsoft will make OS changes to prevent this from happening as it also restricts CrowdStrike’s security product.
2. There were inadequate testing and deployment practices at CrowdStrike.
https://www.microsoft.com/en-us/security/blog/2024/07/27/windows-security-best-practices-for-integrating-and-managing-security-tools/
Dare Obasanjo /
npub1t7…ydsf2
2024-07-28 15:06:06
Author Public Key
npub1t7rr7j99rwt57zrqnfd9sxxcmpy034647rmp2k22vfk6gugm0rfqaydsf2Published at
2024-07-28 15:06:06Event JSON
{
"id": "9d1020233bbfb241c40933c2c4dd283cfb1ec887066d48ab1e7e414589e6d76d",
"pubkey": "5f863f48a51b974f08609a5a5818d8d848f8d755f0f615594a626da4711b78d2",
"created_at": 1722179166,
"kind": 1,
"tags": [
[
"proxy",
"https://mas.to/@carnage4life/112864733866130806",
"web"
],
[
"proxy",
"https://mas.to/users/carnage4life/statuses/112864733866130806",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mas.to/users/carnage4life/statuses/112864733866130806",
"pink.momostr"
],
[
"-"
]
],
"content": "Microsoft has a great technical breakdown of the CrowdStrike incident. The root cause is an access violation in CrowdStrike’s kernel mode driver.\n\nThere are valid reasons for security software to run in the kernel but it causes such bugs to be fatal. Key takeaways \n\n1. It’s unlikely Microsoft will make OS changes to prevent this from happening as it also restricts CrowdStrike’s security product.\n\n2. There were inadequate testing and deployment practices at CrowdStrike.\n\nhttps://www.microsoft.com/en-us/security/blog/2024/07/27/windows-security-best-practices-for-integrating-and-managing-security-tools/",
"sig": "823af15aef3ed6e04d603df8be6e02689b28d1dd19ee257a2603abb24a5637586e041b8804689905ffafe0b521a10f03c214a563e03b0b753685e9ad308d98f6"
}