Microsoft CrowdStrike



Learn about the Microsoft Crowdstrike Case!


17 Terms

1
when
July 19th 2024

2
who
CrowdStrike, a security company that builds endpoint detection and response (EDR) software

3
what happened
~8.5 million Windows systems failed and showed a blue screen

4
how much (estimated)
US Fortune 500 companies: $5.4bn

5
what 1
Channel file 291 was an update to improve how Falcon evaluates named pipe execution on Windows.

6
note
Only the version of channel file 291 with timestamp 2024-07-19 04:09 UTC was flawed.

7
what 2
There was a mismatch between the number of input fields in the inter-process communication (IPC) template type and the actual inputs provided: the IPC template defined 21 fields, but the sensor code only provided 20.

8
why not Mac or Linux
Channel file 291 deals with named pipe execution, which only occurs on Microsoft operating systems.

9
Falcon
A security product that is essentially anti-malware for the server.

10
issue 1
Instead of creating a new driver each time they had an update, CrowdStrike were sneaky and wrote channel files so they didn't have to get a new certification and waste time.

11
channel file
Content processed by the driver but not actually included in the driver itself.

12
issue 2
Creating new channel files means you have unsigned and uncertified code in kernel mode, and all it takes is a tiny issue to mess everything up.

13
why was CrowdStrike Falcon code in the kernel and what did that mean?
The code was in the kernel so it could see application behavior, so it was a device driver, specifically BOOT START, meaning it must be loaded for the Windows OS to start, so their security is always present.

14
outcome 1
Airports, healthcare and financial services were all disrupted.

15
outcome 2
A shareholder class action lawsuit, alleging that CrowdStrike made false and misleading statements about the adequacy of its software testing procedures.

16
outcome 3
Delta Air Lines filed a lawsuit on Oct 25th 2024 accusing CrowdStrike of negligence. CrowdStrike sued them back, saying they were not responsible for the mass flight cancellations and that any damages Delta suffered were due to its own negligence.

17
outcome 4
An increase in cyberattacks: phishing emails posing as tech support, fake phone calls, and the sale of scripts claiming to be recovery tools.