Crowdstrike outage

SpyderTracks

We love you Ukraine
Jesus, who was in charge of that press release???

As someone who works under the EU cloud rules, I can tell you right now that's a load of tosh!

They know full well this will be a multi-billion-dollar lawsuit, and they're responsible for a large portion of that.

This goes back to Windows Vista days according to this source, and I trust these guys over Microsoft. Unfortunately, Microsoft seem to have taken a very shady turn in the last year or two.


It's getting bad for Microsoft. This came out around the same time as CrowdStrike, although due to CrowdStrike's severity it was kind of lost in all the screaming, but THIS IS JUST AS SERIOUS.


HomerJ

Prolific Poster
Jesus, who was in charge of that press release???

As someone who works under the EU cloud rules, I can tell you right now that's a load of tosh!

They know full well this will be a multi-billion-dollar lawsuit, and they're responsible for a large portion of that.

Didn't a lot of this happen outside the EU? In which case, lols... I mean, the US isn't in the EU.

SpyderTracks

We love you Ukraine
I think Intel, Boeing and Microsoft should merge to create the world's largest, worst company.
Yeah, and their logo could be this:


HomerJ

Prolific Poster
Jesus, who was in charge of that press release???

As someone who works under the EU cloud rules, I can tell you right now that's a load of tosh!

They know full well this will be a multi-billion-dollar lawsuit, and they're responsible for a large portion of that.

This goes back to Windows Vista days according to this source, and I trust these guys over Microsoft. Unfortunately, Microsoft seem to have taken a very shady turn in the last year or two.


It's getting bad for Microsoft. This came out around the same time as CrowdStrike, although due to CrowdStrike's severity it was kind of lost in all the screaming, but THIS IS JUST AS SERIOUS.


Thanks for the link, Homer, looked into that and, wow.


SpyderTracks

We love you Ukraine

HomerJ

Prolific Poster
@SpyderTracks well, Microsoft are digging a hole there.


However, nothing in that undertaking would have prevented Microsoft from creating an out-of-kernel API for it and other security vendors to use. Instead, CrowdStrike and its ilk run at a low enough level in the kernel to maximize visibility for anti-malware purposes. The flip side is this can cause mayhem should something go wrong.

The Register asked Microsoft if the position reported by the Wall Street Journal was still the IT titan's stance on why a CrowdStrike update for Windows could cause the chaos it did. Redmond has yet to respond.

Windows is far from the only operating system that permits software to run at a level low enough to crash a kernel. However, failures of third-party software running at a low level in Windows can be embarrassingly public, even if Microsoft is not directly to blame.


SpyderTracks

We love you Ukraine
@SpyderTracks well, Microsoft are digging a hole there.


However, nothing in that undertaking would have prevented Microsoft from creating an out-of-kernel API for it and other security vendors to use. Instead, CrowdStrike and its ilk run at a low enough level in the kernel to maximize visibility for anti-malware purposes. The flip side is this can cause mayhem should something go wrong.

The Register asked Microsoft if the position reported by the Wall Street Journal was still the IT titan's stance on why a CrowdStrike update for Windows could cause the chaos it did. Redmond has yet to respond.

Windows is far from the only operating system that permits software to run at a level low enough to crash a kernel. However, failures of third-party software running at a low level in Windows can be embarrassingly public, even if Microsoft is not directly to blame.

To me, what seems crazy here is this: sure, give 3rd parties access to the kernel via a signed driver that's installed.

Then that signed driver is served security bulletins, which are essentially micro-updates to that driver so that it can search for new instances on the network.

What happened here is that basically the security bulletin was a blank file addressing a block of code that didn't exist.

So to me, it has zero relevance who set out 3rd parties addressing kernel space in the first place; it's run that way for over a decade with very few issues.

What's more relevant is that the security bulletin was obviously a null file, according to the Microsoft retiree above. The driver SHOULD have recognised it as being a null file, and therefore rejected it rather than trying to process the PCode. From what he said, the driver has really poor error handling, and should never have been verified by Microsoft in the first place due to that.

So:

1/. CrowdStrike (if they're going to survive this, which it appears they will) need to address their processes for releasing updates, and unquestionably update the driver itself to improve basic error handling.

2/. Microsoft need to update their verification process. Something like this should never have been put through.

3/. I may be off base here, BUT IF THERE HAD BEEN AN AI SNOOPER (such as Microsoft have had for years now on GitHub) between the 3rd-party upload of the new PCode and that entering a live broadcast Windows update channel, surely that would have been enough to intercept this as a faulty update and block the distribution as a fallback protection?

When you couple number 3 with the Chinese adware issue as well, there's obviously a flaw in Microsoft's WHQL driver signing process, and that system needs an overhaul.

When I was working for an industrial ERP systems designer, we used to have to get drivers signed for that software suite. This would have been between about 2007 and 2011 perhaps. In those days, it was a fully automated process: as part of your Developer license (back then it was TechNet), you got access to the driver signing tool, which was a downloaded program that scanned and processed your proposed driver. Then, IIRC, you uploaded the results to your Microsoft Dev web account. I can't remember how long the process took (I was rather worse for wear by this point), but if it passed, you got a driver signature, and if it failed it gave the areas that needed attention. This signature file was then put in the relevant area within Visual Studio and paired with a valid certificate from someone like VeriSign, and as you compiled the code, the WHQL signing was added to the driver. Then you uploaded that driver to the WHQL catalogue.
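A check of the kind the post above is asking for (the driver refusing a blank or malformed content file before it tries to interpret it), as an added example that is not code from the original post, from CrowdStrike or from Microsoft. The "channel file" layout it parses (magic `CHNL`, a version, an entry count, an entry table of offset/length pairs, then the rule payload) is an assumption invented for this example, as are the `chnl_*` names and the three sample files, which are constructed here; the real update format is not known from this thread. It goes a little beyond the post: besides an all-zero file it also rejects a truncated file and an entry that points outside the payload, which are the other ways an update blob can send a kernel-mode parser off the end of its buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical content-update ("channel file") layout, assumed for this
 * example only (not CrowdStrike's real format):
 *   0..3  magic "CHNL"          4..5  u16 LE version (== CHNL_VERSION)
 *   6..7  u16 LE n_entries      8..   n_entries x { u32 LE off, u32 LE len }
 *   then  payload; every rule [off, off+len) must lie inside the payload  */
#define CHNL_MAGIC   "CHNL"
#define CHNL_VERSION 1u
#define CHNL_HDR_LEN 8u
#define CHNL_ENT_LEN 8u

enum chnl_status {
    CHNL_OK = 0,
    CHNL_ERR_NULL_FILE,   /* no buffer, or every byte is zero */
    CHNL_ERR_TRUNCATED,   /* shorter than the header or the entry table */
    CHNL_ERR_BAD_MAGIC,
    CHNL_ERR_BAD_VERSION,
    CHNL_ERR_ENTRY_RANGE  /* entry (or requested index) outside the file */
};

struct chnl_rule { const uint8_t *data; uint32_t len; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Validate the whole file before a single rule is interpreted.  Each check is
 * one a naive parser skips when it dereferences file contents straight away. */
enum chnl_status chnl_validate(const uint8_t *buf, size_t len, uint16_t *n_rules)
{
    size_t i, table_end, payload_len;
    uint16_t n, k;

    if (buf == NULL || len == 0)
        return CHNL_ERR_NULL_FILE;
    for (i = 0; i < len && buf[i] == 0; i++)     /* blank file: reject outright */
        ;
    if (i == len)
        return CHNL_ERR_NULL_FILE;
    if (len < CHNL_HDR_LEN)
        return CHNL_ERR_TRUNCATED;
    if (memcmp(buf, CHNL_MAGIC, 4) != 0)
        return CHNL_ERR_BAD_MAGIC;
    if (rd16(buf + 4) != CHNL_VERSION)
        return CHNL_ERR_BAD_VERSION;

    n = rd16(buf + 6);
    table_end = CHNL_HDR_LEN + (size_t)n * CHNL_ENT_LEN;  /* n <= 65535: no wrap */
    if (table_end > len)
        return CHNL_ERR_TRUNCATED;
    payload_len = len - table_end;
    for (k = 0; k < n; k++) {
        const uint8_t *e = buf + CHNL_HDR_LEN + (size_t)k * CHNL_ENT_LEN;
        uint32_t off = rd32(e), rlen = rd32(e + 4);
        /* off + rlen <= payload_len, written so the sum cannot overflow */
        if (off > payload_len || rlen > payload_len - off)
            return CHNL_ERR_ENTRY_RANGE;
    }
    if (n_rules)
        *n_rules = n;
    return CHNL_OK;
}

/* Hand back rule k only after the whole file validated and k exists. */
enum chnl_status chnl_get_rule(const uint8_t *buf, size_t len, uint16_t k,
                               struct chnl_rule *out)
{
    uint16_t n;
    enum chnl_status st = chnl_validate(buf, len, &n);
    if (st != CHNL_OK)
        return st;
    if (k >= n)
        return CHNL_ERR_ENTRY_RANGE;
    const uint8_t *e = buf + CHNL_HDR_LEN + (size_t)k * CHNL_ENT_LEN;
    out->data = buf + CHNL_HDR_LEN + (size_t)n * CHNL_ENT_LEN + rd32(e);
    out->len = rd32(e + 4);
    return CHNL_OK;
}

/* Byte i of rule k, or -1 when the file, the rule or the index is bad. */
int chnl_rule_byte(const uint8_t *buf, size_t len, uint16_t k, uint32_t i)
{
    struct chnl_rule r;
    if (chnl_get_rule(buf, len, k, &r) != CHNL_OK || i >= r.len)
        return -1;
    return r.data[i];
}

/* Constructed samples for this example, not real update content. */
const uint8_t GOOD_FILE[] = {
    'C','H','N','L', 0x01,0x00, 0x02,0x00,       /* v1, two rules           */
    0x00,0x00,0x00,0x00, 0x03,0x00,0x00,0x00,    /* rule 0: payload[0..3)   */
    0x03,0x00,0x00,0x00, 0x02,0x00,0x00,0x00,    /* rule 1: payload[3..5)   */
    0xAA,0xBB,0xCC, 0xDD,0xEE                    /* 5 payload bytes         */
};
const uint8_t NULL_FILE[sizeof GOOD_FILE] = {0}; /* the "blank file" case   */
const uint8_t BAD_RANGE_FILE[] = {
    'C','H','N','L', 0x01,0x00, 0x01,0x00,
    0x00,0x00,0x00,0x00, 0x10,0x00,0x00,0x00,    /* claims 16 payload bytes */
    0xAA,0xBB                                    /* only 2 are present      */
};

int main(void)
{
    printf("good=%d null=%d bad_range=%d\n",
           chnl_validate(GOOD_FILE, sizeof GOOD_FILE, NULL),
           chnl_validate(NULL_FILE, sizeof NULL_FILE, NULL),
           chnl_validate(BAD_RANGE_FILE, sizeof BAD_RANGE_FILE, NULL));
    return 0;
}
```

Compiled and run on its own it prints the status code for each of the three samples. The structural point is that `chnl_get_rule` never hands out a pointer unless `chnl_validate` has already passed the whole file, so a driver built this way logs and drops a bad update instead of faulting on it; an all-zero file never gets as far as the "interpret the rule" step.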

HomerJ

Prolific Poster
To me, what seems crazy here is this: sure, give 3rd parties access to the kernel via a signed driver that's installed.

Then that signed driver is served security bulletins, which are essentially micro-updates to that driver so that it can search for new instances on the network.

What happened here is that basically the security bulletin was a blank file addressing a block of code that didn't exist.

So to me, it has zero relevance who set out 3rd parties addressing kernel space in the first place; it's run that way for over a decade with very few issues.

What's more relevant is that the security bulletin was obviously a null file, according to the Microsoft retiree above. The driver SHOULD have recognised it as being a null file, and therefore rejected it rather than trying to process the PCode. From what he said, the driver has really poor error handling, and should never have been verified by Microsoft in the first place due to that.

So:

1/. CrowdStrike (if they're going to survive this, which it appears they will) need to address their processes for releasing updates, and unquestionably update the driver itself to improve basic error handling.

2/. Microsoft need to update their verification process. Something like this should never have been put through.

3/. I may be off base here, BUT IF THERE HAD BEEN AN AI SNOOPER (such as Microsoft have had for years now on GitHub) between the 3rd-party upload of the new PCode and that entering a live broadcast Windows update channel, surely that would have been enough to intercept this as a faulty update and block the distribution as a fallback protection?

When you couple number 3 with the Chinese adware issue as well, there's obviously a flaw in Microsoft's WHQL driver signing process, and that system needs an overhaul.

When I was working for an industrial ERP systems designer, we used to have to get drivers signed for that software suite. This would have been between about 2007 and 2011 perhaps. In those days, it was a fully automated process: as part of your Developer license (back then it was TechNet), you got access to the driver signing tool, which was a downloaded program that scanned and processed your proposed driver. Then, IIRC, you uploaded the results to your Microsoft Dev web account. I can't remember how long the process took (I was rather worse for wear by this point), but if it passed, you got a driver signature, and if it failed it gave the areas that needed attention. This signature file was then put in the relevant area within Visual Studio and paired with a valid certificate from someone like VeriSign, and as you compiled the code, the WHQL signing was added to the driver. Then you uploaded that driver to the WHQL catalogue.

What could come out of this is Microsoft having to tighten up, as businesses are going to sue big time.

SpyderTracks

We love you Ukraine
What could come out of this is Microsoft having to tighten up, as businesses are going to sue big time.
Azure across the board has been really unstable now for about 6 months; there have been outages most days, most of them fairly innocuous but enough to disrupt daily business usage in one way or another.

I don't know what's going on with them, but instability in Azure, then them announcing Recall, which even the most IT-illiterate person would have recognised was going to go down awfully as a gaping security concern, then their seriously dodgy goings-on with basically any AI company, including OpenAI and now MistralAI



I know MS have never been particularly "good guys", but this has been a really dodgy year or so for them. All this seems really underhand, and I don't understand why they'd put themselves in such jeopardy, because it's really hurting their brand in the corporate space. People are losing trust.

HomerJ

Prolific Poster
I can't believe they actually did that. When I saw that hitting newsfeeds, I just assumed it was satire. Who in their right mind thought that was a great PR move???

This was the best bit:

CrowdStrike confirmed to the BBC that it sent the vouchers to "teammates and partners" who had helped customers deal with the impact of the outage.

But some people who said they had received a voucher also took to social media to say it did not work.

"Uber flagged it as fraud because of high usage rates," CrowdStrike admitted.

HomerJ

Prolific Poster