Saturday, July 20, 2024

System outage 7/19


What?

Yday, Microsoft experienced a global outage due to an issue with CrowdStrike's Falcon Sensor software, causing widespread disruptions and triggering the 'Blue Screen of Death' on Windows PCs.

Computers with Mac and Linux operating systems were not impacted, and CrowdStrike said the incident was not caused by a cyberattack.

Who?

CEO George Kurtz, said the system was sent an update, and that update had a software bug in it and caused an issue with the Microsoft operating system

Cybersecurity programs like CrowdStrike’s frequently and automatically update themselves to account for new tactics that malicious hackers have discovered. And there’s always a slight risk that any software update will be incompatible with other programs.

Why?

Logical system flow is depicted in the given diagram.

Where?

In computing, memory is organized as a large array of numbers, often represented in hexadecimal (base 16) for simplicity.

The patch attempted to read memory address 0x9c (156 in decimal), which is an invalid memory region. Any program that tries to read from this region is immediately terminated by Windows, as shown in the stack dump image.  Programmatically, it was caused by a NULL pointer reference in the code.

The affected code was part of a system driver, which has privileged access to the system hardware. When such a driver crashes, the operating system must immediately crash to protect the system, causing the infamous Blue Screen of Death (BSOD).

How?

CrowdStrike immediately published workaround steps for individual hosts and cloud environment at their portal https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/

5 years ago, importance of null pointer handler was inked at https://medium.com/trimble-maps-engineering-blog/nullable-business-value-91c31df8f20d 




No comments:

Post a Comment