Cybersecurity firm Crowdstrike pushed an update that caused millions of Windows computers to enter recovery mode, triggering the blue screen of death. Learn ...

Cybersecurity firm Crowdstrike pushed an update that caused millions of Windows computers to enter recovery mode, triggering the blue screen of death. Learn …

  • Toribor@corndog.socialEnglish
    691·
    4 months ago

    Many compliance frameworks require security utilities to receive automatic updates. It’s pretty essential for effective endpoint protection considering how fast new threats spread.

    The problem is not the automated update, it’s why it wasn’t caught in testing and how the update managed to break the entire OS.

    • Joe@discuss.tchncs.deEnglish
      81·
      4 months ago

      It is pretty easy to imagine separate streams of updates that affect each other negatively.

      CrowdStrike does its own 0-day updates, Microsoft does its own 0-day updates. There is probably limited if any testing at that critical intersection.

      If Microsoft 100% controlled the release stream, otoh, there’d be a much better chance to have caught it. The responsibility would probably lie with MS in such a case.

      (edit: not saying that this is what happened, hence the conditionals)

      • Toribor@corndog.socialEnglish
        13·
        4 months ago

        I don’t think that is what happened here in this situation though, I think the issue was caused exclusively by a Crowdstrike update but I haven’t read anything official that really breaks this down.

        • barsquid@lemmy.worldEnglish
          15·
          4 months ago

          Some comments yesterday were claiming the offending file was several kb of just 0s. All signs are pointing to a massive fuckup from an individual company.

          • Wiz@midwest.socialEnglish
            51·
            4 months ago

            Which makes me wonder, did the company even test it at all on their own machines first?