
To: Alas Babylon!

The CrowdStrike crash revealed a fundamental flaw in how security suite software is packaged with Microsoft. Because it operates at the device level in the kernel (Ring 0), it has to be packaged as a signed device driver that goes through Microsoft’s rigorous testing protocols. But because it also has to respond immediately to zero-day vulnerabilities, it can’t wait for a new signed driver to be approved.

This is why they use DEF files to patch the driver code. The signed driver code reads the DEF file to get updated p-code that must run in the kernel memory. The latest DEF file release contained bad code that caused a NULL exception in the kernel memory, resulting in a BSOD.

CrowdStrike’s regression testing should have caught this, and they have a lot to answer for.


6 posted on 07/22/2024 10:51:14 AM PDT by Dave Wright
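Added example, not code from the post or from CrowdStrike: a C loader for a constructed content-file format that checks every count and offset against the buffer before dereferencing anything, so a malformed update is rejected with an error instead of faulting in kernel memory. The file layout, the names and the limits are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed content-file layout (assumption, not the real format):
 * "DEF1", little-endian u32 rule count, then one little-endian u32 offset
 * per rule, each pointing at a NUL-terminated rule string inside the file. */
#define DEF_MAX_RULES 8
#define DEF_HDR_LEN   8

typedef struct {
    uint32_t    count;
    const char *rule[DEF_MAX_RULES];
} ruleset_t;

static uint32_t rd_u32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Parse a content file the way kernel code must treat untrusted input:
 * validate before use, and return a negative code for a malformed file. */
int load_rules(const uint8_t *buf, size_t len, ruleset_t *rs)
{
    if (buf == NULL || rs == NULL || len < DEF_HDR_LEN)  return -1;
    if (memcmp(buf, "DEF1", 4) != 0)                      return -2; /* bad magic */
    uint32_t count = rd_u32(buf + 4);
    if (count == 0 || count > DEF_MAX_RULES)              return -3; /* bad count */
    if (len - DEF_HDR_LEN < (size_t)count * 4)            return -4; /* table truncated */
    size_t table_end = DEF_HDR_LEN + (size_t)count * 4;
    for (uint32_t i = 0; i < count; i++) {
        uint32_t off = rd_u32(buf + DEF_HDR_LEN + 4 * i);
        if (off < table_end || off >= len)                return -5; /* offset out of range */
        if (memchr(buf + off, '\0', len - off) == NULL)   return -6; /* unterminated string */
        rs->rule[i] = (const char *)buf + off;
    }
    rs->count = count;
    return 0;
}

/* Constructed sample file: two rules, "abc" at offset 16 and "xy" at 20. */
const uint8_t sample_def[] = { 'D','E','F','1', 2,0,0,0, 16,0,0,0, 20,0,0,0,
                               'a','b','c',0, 'x','y',0 };

int main(void)
{
    ruleset_t rs;
    int rc = load_rules(sample_def, sizeof sample_def, &rs);
    printf("rc=%d rules=%u first=%s\n", rc, rc == 0 ? rs.count : 0, rc == 0 ? rs.rule[0] : "-");
    return rc == 0 ? 0 : 1;
}
```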


To: Dave Wright

One of my friends at Microsoft said he had nightmares about someone on the Windows Update team doing something much worse than this.

I worry about it too.


10 posted on 07/22/2024 12:38:01 PM PDT by algore