We\u2019re back with the latest on the CrowdStrike issue. CrowdStrike recently released an elaborate 12-page report titled the <\/span>Channel file 291 Incident Root Cause Analysis<\/span><\/a>. Today we’re breaking down this technical document into simple terms starting with a quick rundown of events.<\/span>\u00a0<\/span><\/p>\n

On July 19, 2024, CrowdStrike discovered a bug in their security software that caused Windows to crash. This impacted everything from airlines to banks to healthcare systems in many countries. Again, it wasn\u2019t a cyberattack. Just the software trying to read more information from memory than it should\u2019ve. <\/span>For insights on how Molaprise can assist with these issues, check our previous blog<\/a>!<\/span><\/p>\n

 <\/p>\n

Bug Details<\/span><\/b>\u00a0<\/span><\/h2>\n

Imagine trying to grab 21 pieces of data when there are only 20 pieces available – that\u2019s exactly what this software did. Its attempt to read more information from the computer’s memory than was available (an out-of-bounds read) caused the system to crash. The root cause was a coding error in a new feature which was overlooked during testing and deployment. It wasn\u2019t a security risk however because hackers couldn\u2019t do anything harmful like stealing your data and CrowdStrike\u2019s software has <\/span>several layers of protection<\/span><\/a>.<\/span> In view of that certain measures were taken:<\/span><\/p>\n

\n
• Data Field Adjustment – A patch has been released to correct the data mismatch.<\/li>\n
• Enhanced Safety Checks –\u00a0 New safeguards have been added to prevent accessing invalid data.<\/li>\n
• Expanded Testing – Testing procedures have been improved to cover more scenarios.<\/li>\n
• Validation Improvements – Additional validation checks have been implemented before software releases.<\/li>\n
• Phased Updates – Future updates will be deployed in stages to identify and address issues early.<\/li>\n<\/ul>\n

   <\/p>\n

  CrowdStrike\u2019s Layers of Protection<\/span><\/b>\u00a0<\/span><\/h2>\n

  \n
  • Certificate Pinning – The Falcon sensor only accepts specific SSL\/TLS certificates. This ensures that the software only communicates with trusted servers and prevents Man-in-the-Middle (MitM) Attacks.<\/span>\u00a0<\/span><\/li>\n
  • Checksum Validation – This process verifies that the channel files haven\u2019t been altered during transmission or storage.<\/span>\u00a0<\/span><\/li>\n
  • Access Controls \u2013 Verified channel files are stored in a directory that requires administrator privileges to access or modify. Only users with full admin rights can attempt to tamper with the file.<\/span>\u00a0<\/span><\/li>\n
  • Anti-Tampering Alerts – The system is designed to detect attempts to modify files outside the standard delivery and update mechanisms outlined above.<\/span>\u00a0<\/span><\/li>\n<\/ul>\n

     <\/p>\n

    The Wake of The Incident<\/span><\/b>\u00a0<\/span><\/h2>\n

    Once the outage gained media attention, the <\/span>NCSC observed an increase in phishing<\/span><\/a>, <\/span>domains & URLs impersonating CrowdStrike<\/span><\/a> and the distribution of malware disguised as recovery software and <\/span>security updates<\/span><\/a>\u00a0by attackers.<\/span>\u00a0<\/span><\/p>\n

    CrowdStrike is currently working on improving their security and appreciates feedback from the security community. They even have a <\/span>Bug Bounty program<\/span><\/a> to find and fix potential issues.<\/span>\u00a0<\/span><\/p>\n

    For the latest updates\u00a0on the issue visit <\/span>CISA\u2019s dedicated CrowdStrike update alert<\/span><\/a> page.<\/span>\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

    We\u2019re back with the latest on the CrowdStrike issue. CrowdStrike recently released an elaborate 12-page report titled the Channel file 291 Incident Root Cause Analysis. Today we’re breaking down this technical document into simple terms starting with a quick rundown of events.\u00a0 On July 19, 2024, CrowdStrike discovered a bug in their security software that […]<\/p>\n","protected":false},"author":5,"featured_media":2784,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2],"tags":[103,13,57],"class_list":["post-2780","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-crowdstrike","tag-cybersecurity","tag-threat-awareness"],"yoast_head":"\n