CrowdStrike outage

Winsage
March 13, 2025
On Tuesday morning, PC gamers received unexpected alerts from Windows Defender about a tool called WinRing0, raising concerns about a possible compromise. WinRing0 is a kernel-mode driver that hardware monitoring applications use to read low-level hardware data, and the detection affected several of them, including Razer Synapse, SteelSeries Engine, and MSI Afterburner, which began behaving erratically once the flagged driver was quarantined as a HackTool. Developers noted that WinRing0, while useful for accessing hardware data, has been flagged because of known security vulnerabilities in the driver itself. Microsoft is under pressure to tighten software access to low-level hardware, which is why WinRing0 has come under scrutiny. Some developers called the detection a "false positive," arguing that their applications are not malicious; the driver is flagged for what it allows, not for what these particular applications do with it. Timothy Sun's company developed a proprietary SMBus driver to avoid WinRing0, but the transition required significant resources. WinRing0 has been patched, but getting a new version signed by Microsoft remains a hurdle. iBuyPower has expressed interest in pursuing a signed update for WinRing0, while companies such as Razer and SteelSeries are working to remove the dependency in their software updates.
Winsage
December 4, 2024
Microsoft has launched the Windows Resiliency Initiative to improve the security and reliability of its operating system, in response to the CrowdStrike outage that took down over 8 million Windows PCs and servers and caused losses estimated at $5.4 billion. The initiative focuses on four areas: learning from past incidents, reducing the use of administrative privileges, stronger controls over apps and drivers, and better identity protection. Key components:
1. Quick Machine Recovery: lets IT administrators remotely diagnose and repair devices that can no longer boot, reducing downtime.
2. Administrator Protection: users run with standard-user privileges by default, limiting what a compromised session can do.
3. Smart App Control: only verified applications are allowed to run on Windows PCs.
4. Advanced Identity Protection: stronger password policies and multi-factor authentication.
Additional improvements include closer collaboration with security vendors so that endpoint security products can do more of their work outside the kernel, new encryption features, and a transition of some Windows components from C++ to Rust for memory safety. The initiative aims to restore user confidence and to prevent a repeat of outages of this kind.
Tech Optimizer
September 20, 2024
On July 27, Microsoft released a security report regarding the CrowdStrike crash, which was caused by a malfunctioning driver and affected millions of Windows devices. The incident has sparked controversy in the gaming community over kernel-level anti-cheat programs, which are seen as potential threats to privacy and security. Despite the risks, game developers are reluctant to abandon these solutions due to challenges in preventing cheating. The CrowdStrike incident may prompt a shift away from kernel-level access, leading Microsoft to explore alternative methods, such as AI-driven "Human Behavior Detection" techniques, to address cheating without requiring kernel-level permissions. The effectiveness of AI solutions as alternatives remains uncertain, but AI is expected to play a significant role in Microsoft's research following the outage. Kernel-level software has previously caused Blue Screen of Death (BSOD) crashes, highlighting the need for safer alternatives that do not pose critical system failure risks.
Winsage
August 7, 2024
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2018-0824, a remote code execution flaw in Microsoft COM for Windows that affects Windows 10 among other versions, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw can be used for privilege escalation and remote code execution. CISA recommends that organizations stop using affected software or apply the available patches. A Chinese hacking group has reportedly exploited this vulnerability to compromise a Taiwanese government research center. Separately, The Register reported that cybercriminals are targeting Windows users with a keylogger called SnakeKeylogger, which steals credentials and captures screenshots. SnakeKeylogger, sold on Russian crime forums, has been a significant threat since 2020 and spreads through malicious email attachments. These alerts follow the CrowdStrike outage in July, when a faulty software update crashed Windows devices.
Winsage
August 3, 2024
The Blue Screen of Death (BSOD) in Windows has three distinct origins attributed to different authors. The Windows 3.1 Ctrl+Alt+Del screen, referred to as the "blue screen of unhappiness," was written by Steve Ballmer but was not a response to system crashes. During crashes on Windows 3.1, users saw a black screen. The Windows 95 kernel error screen, which users could bypass, was finalized by Raymond Chen. The true BSOD, the Windows NT kernel error screen, was created by John Vert and indicates a critical system failure.
Winsage
July 29, 2024
A CrowdStrike update crashed millions of Windows machines, prompting Microsoft to release its own analysis of the incident. CrowdStrike identified a bug in its software as the cause and committed to improving its quality assurance and rollout processes. Microsoft confirmed from crash dumps that the fault was a read-out-of-bounds memory safety error in the CSagent.sys driver. Microsoft explained why security products rely on kernel drivers (system-wide visibility, performance, and resistance to tampering) while acknowledging that code in the kernel has no isolation: a memory fault there takes the whole system down rather than a single process. Microsoft then proposed four measures to improve Windows security: safe rollout guidance, reducing the need for kernel driver access, better isolation and anti-tampering capabilities, and zero trust approaches.
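To make the bug class concrete, here is an added example in C. It is not CrowdStrike's or Microsoft's code, and the content layout it uses (a one-byte field count followed by 32-bit fields) and the fixed handler table of MAX_FIELDS entries are assumptions for illustration only. It contrasts an interpreter that trusts the declared field count with one that bounds the count by both the handler table and the bytes actually present. The unchecked version is run over a larger arena whose slack is filled with 0xAA so that its over-read is observable here; in a kernel driver the same read lands on whatever memory follows the buffer, or on an unmapped page, which is a bug check.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy content-update layout assumed for this example (not the real channel
 * file format): byte 0 holds a declared field count, followed by that many
 * little-endian 32-bit fields. The interpreter has a fixed handler table of
 * MAX_FIELDS entries, so a file declaring more fields is malformed. */
#define MAX_FIELDS 4

enum { PARSE_OK = 0, PARSE_ERR_COUNT = -1, PARSE_ERR_TRUNCATED = -2 };

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Unchecked interpreter: trusts the declared count and takes no length, so a
 * count larger than the data it was given walks off the end of the file. */
uint32_t fold_fields_unchecked(const uint8_t *blob) {
    uint32_t acc = 0;
    for (size_t i = 0; i < blob[0]; i++)
        acc ^= rd32(blob + 1 + i * 4);   /* no check that these bytes exist */
    return acc;
}

/* Hardened interpreter: the declared count is validated against both the
 * handler table size and the bytes actually present before any field is
 * read, and a malformed file is rejected instead of interpreted. */
int fold_fields_checked(const uint8_t *blob, size_t len, uint32_t *out) {
    if (len < 1) return PARSE_ERR_TRUNCATED;
    size_t count = blob[0];
    if (count > MAX_FIELDS) return PARSE_ERR_COUNT;       /* more fields than handlers */
    if (len < 1 + count * 4) return PARSE_ERR_TRUNCATED;  /* fewer bytes than declared */
    uint32_t acc = 0;
    for (size_t i = 0; i < count; i++)
        acc ^= rd32(blob + 1 + i * 4);
    *out = acc;
    return PARSE_OK;
}

/* Constructed inputs. Each blob is 9 bytes: a count byte plus two fields. */
const uint8_t GOOD_BLOB[9]      = {2, 0x11,0x11,0x11,0x11, 0x22,0x22,0x22,0x22};
const uint8_t OVERCOUNT_BLOB[9] = {5, 0x11,0x11,0x11,0x11, 0x22,0x22,0x22,0x22}; /* declares 5, carries 2 */
const uint8_t SHORT_BLOB[9]     = {3, 0x11,0x11,0x11,0x11, 0x22,0x22,0x22,0x22}; /* declares 3, carries 2 */

/* Status-only wrapper for the checked parser. */
int checked_status(const uint8_t *blob, size_t len) {
    uint32_t v;
    return fold_fields_checked(blob, len, &v);
}

/* Value wrapper: the folded value, or 0 when the file is rejected. */
uint32_t checked_value(const uint8_t *blob, size_t len) {
    uint32_t v = 0;
    return fold_fields_checked(blob, len, &v) == PARSE_OK ? v : 0;
}

/* Place OVERCOUNT_BLOB at the start of a 64-byte arena whose slack is 0xAA,
 * standing in for whatever sits after the file in memory, and run the
 * unchecked parser over it. The three phantom fields read past the file are
 * 0xAAAAAAAA each, so the result is silently corrupted instead of rejected. */
uint32_t demo_unchecked_overread(void) {
    uint8_t arena[64];
    memset(arena, 0xAA, sizeof arena);
    memcpy(arena, OVERCOUNT_BLOB, sizeof OVERCOUNT_BLOB);
    return fold_fields_unchecked(arena);
}

int main(void) {
    printf("checked good:      status %d value 0x%08x\n",
           checked_status(GOOD_BLOB, 9), (unsigned)checked_value(GOOD_BLOB, 9));
    printf("checked overcount: status %d\n", checked_status(OVERCOUNT_BLOB, 9));
    printf("checked short:     status %d\n", checked_status(SHORT_BLOB, 9));
    printf("unchecked overcount over arena: 0x%08x\n", (unsigned)demo_unchecked_overread());
    return 0;
}
```

The two checks in fold_fields_checked are the ones a content interpreter needs regardless of file format: the declared count must fit the code's own fixed tables, and the bytes the count implies must actually be present. Either check alone leaves one of the two malformed inputs above reachable.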
Winsage
July 28, 2024
A surge of cybercriminal activity has followed the CrowdStrike outage, with social engineering attacks targeting the vendor's customers. National cybersecurity agencies in the US, UK, Canada, and Australia have reported a rise in phishing attempts, with 150 to 300 attacks a day, far above typical volumes. Attackers are impersonating CrowdStrike and offering "technical support" to organizations directly affected by the incident. Over 2,000 phishing and typosquatting domains referencing CrowdStrike have been registered and may be used for malware distribution. Observed lures include a ZIP file containing HijackLoader and a phishing email with a malicious PDF attachment that installed a wiper. Organizations are advised to strengthen their defenses with blocklists and protective DNS tools and to seek support only through official CrowdStrike channels.
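As an added illustration (not code from the article or from any of the agencies it cites), the following C program applies three of the checks a blocklist or protective-DNS feed might run over newly registered domains: an allow-list for the real crowdstrike.com and its subdomains, a substring match for the brand embedded in a longer name, and an edit-distance test for one- or two-keystroke near-misses. The sample hostnames are constructed for the demonstration; the .example names are made up, not real registrations. The registrable-domain split is a naive last-two-labels cut and does not understand public suffixes such as co.uk.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define BRAND     "crowdstrike"
#define OFFICIAL  "crowdstrike.com"   /* the only registrable domain treated as legitimate here */
#define MAX_LABEL 63                  /* DNS label length limit */

/* Levenshtein edit distance between two labels of at most MAX_LABEL chars. */
int edit_distance(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    int prev[MAX_LABEL + 1], cur[MAX_LABEL + 1];
    if (la > MAX_LABEL || lb > MAX_LABEL) return MAX_LABEL + 1;
    for (size_t j = 0; j <= lb; j++) prev[j] = (int)j;
    for (size_t i = 1; i <= la; i++) {
        cur[0] = (int)i;
        for (size_t j = 1; j <= lb; j++) {
            int cost = a[i - 1] != b[j - 1];
            int best = prev[j] + 1;                                   /* delete a[i-1] */
            if (cur[j - 1] + 1 < best) best = cur[j - 1] + 1;         /* insert b[j-1] */
            if (prev[j - 1] + cost < best) best = prev[j - 1] + cost; /* substitute */
            cur[j] = best;
        }
        memcpy(prev, cur, (lb + 1) * sizeof prev[0]);
    }
    return prev[lb];
}

/* Copy the lower-cased registrable part ("label.tld") of a hostname into out.
 * Naive last-two-labels split; it does not know public suffixes like co.uk. */
static void registrable_domain(const char *host, char *out, size_t outlen) {
    char lower[256];
    size_t n = strlen(host);
    if (n >= sizeof lower) n = sizeof lower - 1;
    for (size_t i = 0; i < n; i++) lower[i] = (char)tolower((unsigned char)host[i]);
    lower[n] = '\0';
    const char *start = lower;
    const char *last = strrchr(lower, '.');
    if (last) {
        start = last;
        while (start > lower && start[-1] != '.') start--;  /* back to the label before the TLD */
    }
    snprintf(out, outlen, "%s", start);
}

/* 1 if the hostname looks like an impersonation of the brand, 0 otherwise. */
int is_suspect(const char *host) {
    char reg[256], label[MAX_LABEL + 1];
    registrable_domain(host, reg, sizeof reg);
    if (strcmp(reg, OFFICIAL) == 0) return 0;     /* allow-listed: real domain and its subdomains */
    const char *dot = strchr(reg, '.');
    size_t n = dot ? (size_t)(dot - reg) : strlen(reg);
    if (n > MAX_LABEL) n = MAX_LABEL;
    memcpy(label, reg, n);
    label[n] = '\0';
    if (strstr(label, BRAND)) return 1;            /* brand embedded in a longer name */
    return edit_distance(label, BRAND) <= 2;       /* one or two keystrokes away from the brand */
}

/* Constructed sample feed standing in for newly registered domains. The
 * .example names are made up for this demonstration, not real registrations. */
static const char *const SAMPLE_HOSTS[] = {
    "crowdstrike.com",
    "support.crowdstrike.com",
    "CrowdStrike-Support.example",
    "crowdstrikefix.example",
    "crowdstrlke.example",
    "crowdstike.example",
    "microsoft.com",
    "example.org",
};
#define N_SAMPLE (sizeof SAMPLE_HOSTS / sizeof SAMPLE_HOSTS[0])

/* Number of sample hosts flagged as suspect. */
int count_suspects(void) {
    int c = 0;
    for (size_t i = 0; i < N_SAMPLE; i++) c += is_suspect(SAMPLE_HOSTS[i]);
    return c;
}

int main(void) {
    for (size_t i = 0; i < N_SAMPLE; i++)
        printf("%-30s %s\n", SAMPLE_HOSTS[i], is_suspect(SAMPLE_HOSTS[i]) ? "SUSPECT" : "ok");
    printf("%d of %zu flagged\n", count_suspects(), N_SAMPLE);
    return 0;
}
```

The edit-distance threshold of 2 is a tuning choice: it catches single-character swaps, drops and insertions, while the allow-list is what keeps the real domain and its subdomains from tripping the brand-substring rule. Flagged domains are candidates for a blocklist or a protective-DNS sinkhole, not proof of malicious intent on their own.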
Winsage
July 27, 2024
A newly exploited vulnerability in Internet Explorer code that still ships on millions of Windows PCs poses a serious risk to user data and system integrity. The US government has added it to CISA's Known Exploited Vulnerabilities catalog, underscoring the need to keep Windows systems updated. Microsoft has released a patch for the issue and urges users to install it promptly.
Winsage
July 27, 2024
Solar storms, specifically coronal mass ejections (CMEs), can cause outages on Earth by releasing highly charged particles that can induce a current in the electrical system, potentially frying transformers and causing blackouts. In the past, solar storms have disrupted communication systems, such as the telegraph system in 1859 and power grids in 1989. While the likelihood of a major solar event causing an internet blackout is uncertain, experts believe there is about a 1% chance each year. However, with advanced technology, such as satellites monitoring solar activity, emergency officials could potentially prepare the power grid and minimize damage from a solar storm.