How did a CrowdStrike config file crash millions of Windows computers? We take a closer look at the code

The Register ^ | 23 July 2024 | Thomas Claburn

[EVO X]

Never be the first to download an OS, or any update, or new whiz bang software.

I've been retired from Windows related IT stuff for over a decade. Back then on very rare occasions I had to cross my fingers doing updates for zero day exploits. Around the time I retired there was a big push to automate updates at big institutions. It works great until it doesn't

[wally_bert]

More fun if LAPS is installed.

Local Administrator Password Solution

[mmichaels1970]

More fun if LAPS is installed.

Oof. I've never seen or used that. So that means that it is possible that NOBODY KNOWS the local admin password unless you log into AD with enough access to see it? And that's likely some massive randomly generated password that's just a long string of random characters/numbers?

[Wuli]

Society keeps being told how wonderful is the very latest computer technology, while the world-spanning size of crashes and hacks keeps getting larger and larger, not to mention the human data and financial theft and scams keeps growing as well, far beyond the scale of snail-mail theft and scams of the past.

[wally_bert]

That’s sort of how it works.

Local admin passwords sadly a thing of the past.

I could give a field person that if absolutely necessary which happened a few times.

Safe mode was needed to get rid of a corrupt DLL. Other times local administration was needed was with HP printers mostly field types would buy because they were so cheap.

With LAPS and trying to get a non technical person to function, migraine fuel.

[xoxox]

Testing updates is racist.

[daniel1212]

Thanks, could one use a Linux live USB to delete C:\Windows\System32\drivers\CrowdStrike\ on a Win machine?

[dayglored]

> could one use a Linux live USB to delete C:\Windows\System32\drivers\CrowdStrike\ on a Win machine?

If the Windows disk is not encrypted, maybe so. The live Linux distro on the USB stick would need the latest NTFS write-enabled driver.

If the Windows disk is encrypted (e.g. BitLocker) you're almost certainly S-O-L.

[EasySt]

I suspect that secret pre-release testing showed that the release would function
exactly as planned, with exactly the effect that resulted.

Because it came from “Cloudstrike”, and with such timing.

[CodeJockey]

He explained, "One of the techniques employed by Google, which we used when I was there, is to do what's called Canary releases – gradual or slow rollouts – and observe what's occurring rather than crashing what Microsoft estimated were 8.5 million machines."

In other words... test in a closed environment. DEI strikes again.

[Openurmind]

Tux... :)

[Openurmind]

If it gives you admin access to the system files you should be able to.

[martin_fierro]

Somebody @ Crowdstrike is soooooo fired.