A widespread Blue Screen of Death (BSOD) issue on Windows PCs disrupted operations across various sectors, notably impacting airlines, banks, and healthcare providers. The issue was caused by a problematic channel file delivered via an update from the popular cybersecurity service provider, CrowdStrike. CrowdStrike confirmed that this crash did not impact Mac or Linux PCs.

It turns out that similar problems have been occurring for months without much awareness, despite the fact that many may view this as an isolated incident. Users of Debian and Rocky Linux also experienced significant disruptions as a result of CrowdStrike updates, raising serious concerns about the company’s software update and testing procedures. These occurrences highlight potential risks for customers who rely on their products daily.

  • Toes♀@ani.social
    link
    fedilink
    arrow-up
    37
    ·
    4 months ago

    There’s a concept in this industry where you eat your own dog food.

    Deploying these updates to your own people could have avoided this mess.

    • themoonisacheese@sh.itjust.works
      link
      fedilink
      arrow-up
      36
      ·
      4 months ago

      Oh but they did. Turns out that this is specifically caused by one driver expecting another to be installed, the other one being for another of their products. If you have the other product installed, it doesn’t crash, so it didn’t crash on their machines because they have all their products installed and apparently not a single element of their test matrix has the single most common configuration they service

      • Fox
        link
        fedilink
        arrow-up
        9
        ·
        4 months ago

        Do you have a source for that? I’m intrigued. Their own blog post is only talking about a “logic error”.

        • lemmyvore@feddit.nl
          link
          fedilink
          English
          arrow-up
          5
          ·
          4 months ago

          I heard a different rumor, that the driver file they pushed was all zeros. I’m inclined to believe that one.

        • themoonisacheese@sh.itjust.works
          link
          fedilink
          arrow-up
          3
          ·
          4 months ago

          It’s a very educated guess based on the following:

          The crash is a null pointer dereference, which a linter ought to catch.

          The crash does not happen if you have crowdstrike sensor installed, which is weird because crowdstrike sensor’s job is not to prevent any crashes.

          Hence the guess: the update the pushed tries accessing memory in sensor, but if it’s not installed the pointer is null and that’s Bye-Bye.

          • Fox
            link
            fedilink
            arrow-up
            1
            ·
            4 months ago

            I see, thanks for the clarification. Sounds plausible.

      • Mango@lemmy.world
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        4 months ago

        This is the best explanation of this I’ve heard and you’re just like… A dude on Lemmy.