HomerJ
Prolific Poster
Yes, I know @SpyderTracks, I thought that as well
Microsoft blames EU rules for its inability to lock down Windows following CrowdStrike incident
EU rules may have indirectly amplified recent outage
www.techradar.com
Jesus, who was in charge of that press release???
As someone who works under the EU cloud rules, I can tell you right now that’s a load of tosh!
They know full well, this will be a multi billion dollar lawsuit and they’re responsible for a large portion of that.
I think Intel, Boeing and Microsoft should merge to create the world's largest worst company.
Yeah, and their logo could be this
This goes back to Windows Vista days according to this source, and I trust these guys over Microsoft. Unfortunately, Microsoft seem to have taken a very shady turn in the last year or two.
Not a Great Look (Premium)
Something has been nagging at me since Microsoft blamed the EU for the CrowdStrike outage. It's time to hit the archives.
www.thurrott.com
It's getting bad for Microsoft. This came out around the same time as CrowdStrike, although due to CrowdStrike's severity, this was kind of lost in all the screaming, but THIS IS JUST AS SERIOUS
Microsoft-Signed Chinese Adware Opens the Door to Kernel Privileges
An official stamp of approval might give the impression that a purported "HotPage" adtech tool is not, in fact, a dangerous kernel-level malware — but that's just subterfuge.
www.darkreading.com
Thanks for the link, Homer looked into that and, wow,
Yeah, it's really bad.
@SpyderTracks well Microsoft are digging a hole there
EU gave CrowdStrike keys to Windows kernel, Microsoft claims
Was a 2009 agreement on interoperability to blame?
www.theregister.com
However, nothing in that undertaking would have prevented Microsoft from creating an out-of-kernel API for it and other security vendors to use. Instead, CrowdStrike and its ilk run at a low enough level in the kernel to maximize visibility for anti-malware purposes. The flip side is this can cause mayhem should something go wrong.
The Register asked Microsoft if the position reported by the Wall Street Journal was still the IT titan's stance on why a CrowdStrike update for Windows could cause the chaos it did. Redmond has yet to respond.
Windows is far from the only operating system that permits software to run at a level low enough to crash a kernel. However, failures of third-party software running at a low level in Windows can be embarrassingly public, even if Microsoft is not directly to blame
CrowdStrike’s Falcon Sensor linked to Linux crashes, too
Rapid restore tool being tested as Microsoft estimates 8.5M machines went down
www.theregister.com
To me, what seems crazy here is that sure, give 3rd parties access to the kernel via a signed driver that's installed.
Then that signed driver is served security bulletins which are essentially micro updates to that driver so that it can search for new instances on the network.
What happened here is that basically the security bulletin was a blank file addressing a block of code that didn't exist.
So to me, it has zero relevance of who set out 3rd parties addressing kernel space in the first place, it's run that way for over a decade with very few issues.
What's more relevant is that security bulletin was obviously a null file according to the Microsoft retiree above, the driver SHOULD have recognised it as being a null file, and therefore rejected it rather than trying to process the PCode. From what he said, the driver has really poor error handling, and should never have been verified by Microsoft in the first place due to that.
So
1/. CrowdStrike (if they're going to survive this, which it appears they will) need to address their processes for releasing updates and unquestionably update the driver itself to improve basic error handling
2/. Microsoft need to update their verification process. Something like this should never have been put through.
3/. I may be off base here, BUT IF THERE HAD BEEN AN AI SNOOPER (such as Microsoft have had for years now on GitHub) between the 3rd party upload of the new PCode and that entering a live broadcast Windows update channel, surely that would have been enough to intercept this as a faulty update and block the distribution as a fall back protection?
When you couple number 3 with the Chinese adware issue also, there's obviously a flaw in Microsoft's WHQL driver signing process, and that system needs an overhaul.
When I was working for an industrial ERP systems designer, we used to have to get drivers signed for that software suite. This would have been between about 2007 and 2011 perhaps. In those days, it was a fully automated process, as part of your Developer license (back then it was TechNet), you got access to the driver signing tool which was a downloaded program that then scanned and processed your proposed driver, then IIRC you uploaded the results to your Microsoft Dev web account, I can't remember how long the process took, I was rather worse for wear by this point, but if it passed, you got a driver signature and if it failed it gave the areas that needed attention, this signature file was then put in the relevant area within Visual Studio and paired with a valid certificate from someone like VeriSign, and as you compile the code, the WHQL signing is added to the driver, then you upload that driver to the WHQL catalogue
What could come out of this is Microsoft having to tighten up as businesses are going to sue big time
Azure across the board has been really unstable now for about 6 months, there have been outages most days, most of them fairly innocuous but enough to disrupt daily business usage in one way or another.
CrowdStrike says hackers are threatening to leak sensitive information about adversaries
The company said some of its information had already been released.
www.nbcnews.com
Wow, OMG, that timing is going to hurt them!
@SpyderTracks things happened
CrowdStrike backlash over $10 apology voucher for IT chaos
Cybersecurity firm is branded a "clown show" for gesture after an update caused widespread disruption.
www.bbc.co.uk
I can't believe they actually did that, when I saw that hitting newsfeeds, I just assumed it was satire, who in their right minds thought that was a great PR move???
Someone, somewhere, gets paid A LOT of money to green light those decisions. Baffling.
Microsoft now admitting the risk is too great and working to remove security vendors out of the Windows Kernel space
Microsoft calls for Windows changes and resilience after CrowdStrike outage
Microsoft drops subtle hints about the future direction of Windows security.
www.theverge.com