Security News
Did the EU force Microsoft to let third parties like CrowdStrike run riot in the Windows kernel as a result of a 2009 undertaking? This is the implication being peddled by the Redmond-based cloud and software titan. As the tech industry deals with the fallout from the CrowdStrike incident, Microsoft is facing questions.
By now, most people are aware of – or have been personally affected by – the largest IT outage the world have ever witnessed, courtesy of a defective update for Crowdstrike Falcon Sensors that...
Microsoft has released a custom WinPE recovery tool to find and remove the faulty CrowdStrike update that crashed an estimated 8.5 million Windows devices on Friday. [...]
CrowdStrike's now-infamous Falcon Sensor software, which last week led to widespread outages of Windows-powered computers, has also caused crashes of Linux machines. A second issue titled "System crashed at cshook network ops inet6 sockraw release+0x171a9" advised users "For assistance with troubleshooting potential issues with the falcon lsm serviceable kernel module provided from the CrowdStrike Falcon Sensor/Agent security software suite." Red Hat also advised that "Disabling the CrowdStrike Falcon Sensor/Agent software suite will mitigate the crashes and provide temporary stability to the system in question while the issue is investigated." The issue was "Observed but not limited to release 6 and 7.".
Threat actors are exploiting the massive business disruption from CrowdStrike's glitchy update on Friday to target companies with data wipers and remote access tools. [...]
Threat actors are exploiting the massive business disruption from CrowdStrike's glitchy update on Friday to target companies with data wipers and remote access tools. In an update today, CrowdStrike says that it "Is actively assisting customers" impacted by the recent content update that crashed millions of Windows hosts worldwide.
Faulty CrowdStrike update takes out Windows machines worldwideThousands and possibly millions of Windows computers and servers worldwide have been made inoperable by a faulty update of Crowdstrike Falcon Sensors, and the outage affected transport, broadcast, financial, retail and other organizations in Europe, Australia, the US and elsewhere. Critical Splunk flaw can be exploited to grab passwordsA recently fixed vulnerability affecting Splunk Enterprise on Windows "Is more severe than it initially appeared," according to SonicWall's threat researchers.
Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of a providing a hotfix. The attack chains involve distributing a ZIP archive file named "Crowdstrike-hotfix.zip," which contains a malware loader named Hijack Loader that, in turn, launches the Remcos RAT payload. Specifically, the archive file also includes a text file with Spanish-language instructions that urges targets to run an executable file to recover from the issue.
Microsoft says a faulty CrowdStrike Falcon update, which caused widespread outages by crashing Windows systems worldwide, also resulted in Windows 365 Cloud PCs getting stuck in reboot loops, rendering them unusable. "We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check and get stuck in a restarting state," Microsoft said on its Service Health Status page.
Kettle If you're an IT administrator with Windows boxes on your network, Friday can't have been a lot of fun. What's likely millions of systems were or still are stuck in blue-screen boot loop hell, mostly requiring manual intervention to fix.