• Aphelion@lemm.ee
    link
    fedilink
    English
    arrow-up
    22
    ·
    edit-2
    4 months ago

    The real fuck up is that Crowdstrike Falcon can auto update through its own updater, and doesn’t have any kind of control panel for management that could be used for change control. If their customers could have tested this update first, none of this would be happening.

    • Pennomi@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      ·
      4 months ago

      Or if they were smart enough to do a phased rollout to a small percentage of users before deploying worldwide. That catches most issues quickly.

      • JustinA
        link
        fedilink
        English
        arrow-up
        5
        ·
        4 months ago

        Or if Microsoft reviewed drivers before signing them.

        • KmlSlmk64@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          ·
          4 months ago

          I think they do (or at least I’ve seen it mentioned), but this wa apparently caused a by a bad configuration fil for that driver. (A 40-something kB file pf pure zeroes)

    • quinkin@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      4 months ago

      Yep. A lot of customers were running n-1 or even n-2 of their falcon sensor release to mitigate risk. Doesn’t count for shit though if the “deployed content” bypasses all of that.

    • sunnie@lemmy.ca
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      4 months ago

      an antivirus-like software is something you want auto updates for in my opinion