CrowdStrike has published a preliminary Post Incident Review of the 19 July incident, which crashed more than 8.5 million computers around the world and left them showing the infamous Blue Screen of Death (BSOD). A more in-depth analysis will be made available at the end of the investigation. The software company used somewhat less technical language to improve readability.
Why was there a bug in the Falcon Sensor?
CrowdStrike had already explained that the Windows crash was caused by a configuration update, specifically the file C-00000291*.sys. The software company ships two types of updates for the Falcon Sensor: Sensor Content and Rapid Response Content. The first is included in the software's code and therefore undergoes extensive testing before deployment.
The second type of update is similar to antivirus signatures. It is deployed more quickly in order to address new threats. Of the three systems used for delivery, one (the Content Configuration System) runs in the cloud and includes the Content Validator. The other two (the Content Interpreter and the Sensor Detection Engine) are installed on the computer.
On 19 July, because of a bug in the Content Validator, the configuration update passed validation despite containing incorrect data. The infamous Channel File 291 then brought down the computers, which showed the BSOD.
CrowdStrike has promised to improve testing of Rapid Response Content updates. Content validation will also be improved. Customers will eventually have greater control over Rapid Response Content updates and will be able to decide when to install them (today, they are installed automatically).