
Considering Crowdstrike mentioned in their blog that systems that had their 'falcon sensor' installed weren't affected [1], and the update is falcon content, I'm not sure it was a malformed file, but just software that required this sensor to be installed. Perhaps their QA only checked if the update broke systems with this sensor installed, and didn't do a regression check on Windows systems without it.

[1] https://www.crowdstrike.com/blog/statement-on-falcon-content...



That’s not exactly what they’re saying.

It says that if a system isn’t “affected”, meaning it doesn’t reboot in a loop, then the “protection” works and nothing needs to be done. That’s because the Crowdstrike central systems, on which rely the agents running on the clients’ systems, are working well.

The “sensor” is what the clients actually install and run on their machines in order to “use Crowdstrike”.

The crash happened in a file named csagent.sys which on my machine was something like a week old.


I'm not familiar with their software, but I interpreted their wording to mean their bug can leave your system in one of two possible states:

(1) Entire system is crashed.

(2) System is running AND protected from security threats by Falcon Sensor.

And to mean that this is not a possible state:

(3) System is running but isn't protected by Falcon Sensor.

In other words, I interpreted it to mean that they're trying to reassure people they don't need to worry about crashes and hacks, just crashes.



