NewApp Digest
search bot

Windows outage

Vulnerability in Windows Driver Leads to System Crashes
Winsage
August 12, 2024

Vulnerability in Windows Driver Leads to System Crashes

A newly identified vulnerability, CVE-2024-6768, exists in the Common Log File System (CLFS.sys) driver of Windows operating systems, discovered by Fortra researcher Ricardo Narvaja. This flaw allows an unprivileged user to cause a system crash, resulting in a Blue Screen of Death (BSOD), due to improper input data validation. The vulnerability affects all versions of Windows 10 and 11, regardless of updates. It can be exploited using a crafted .BLF log file format without user interaction, posing a risk of system instability and denial of service (DoS) attacks. The vulnerability has a CVSS base score of 6.8 and is categorized under CWE-1284 for improper validation of input. The attack must be executed locally and has low complexity, making it accessible to less experienced attackers. The exploit manipulates the CLFS client context structure, triggering the KeBugCheckEx function, which leads to the BSOD and system restart.
Lessons from the global Windows outage | TahawulTech.com
Winsage
August 12, 2024

Lessons from the global Windows outage | TahawulTech.com

Cricket Liu, Chief DNS Architect at Infoblox, discussed a global outage of Windows computers caused by a bug in CrowdStrike software on July 18. The software update led to widespread system failures in various sectors, including airlines and retail, with recovery efforts expected to take hours or days. The incident highlighted the risks of hosting critical network services like DNS and DHCP on Windows Servers, which are often targeted and vulnerable. Organizations are advised to run these services on dedicated servers independent of Windows infrastructure to reduce the risk of outages.
Cybercriminals taking advantage of CrowdStrike-linked global computer outage
Tech Optimizer
August 5, 2024

Cybercriminals taking advantage of CrowdStrike-linked global computer outage

A global IT outage caused by a flawed software update from CrowdStrike has led to increased cybercriminal activity, with phishing campaigns and malware distribution targeting individuals and businesses. The outage, which began at 1:20 a.m. ET on Friday, affected organizations reliant on Windows computers using CrowdStrike Falcon, resulting in widespread system failures. The Department of Homeland Security's Cybersecurity & Infrastructure Security Agency (CISA) has issued a warning about the surge in online criminal activity and advised caution when interacting with communications related to the incident. CrowdStrike's CEO, George Kurtz, acknowledged the disruption and the company's efforts to assist affected customers. CrowdStrike is working to deploy a previous version of its Falcon software and has provided workaround steps for users experiencing issues.
Delta CEO praises Apple after Microsoft Windows outage cost him $500 million
Winsage
August 2, 2024

Delta CEO praises Apple after Microsoft Windows outage cost him $500 million

Delta Air Lines CEO Ed Bastian expressed concerns about the reliability of major tech platforms following a significant outage on July 19 that led to over 5,000 flight cancellations and required the resetting of more than 40,000 servers. He described Delta's collaboration with Microsoft as “probably the most fragile platform” and emphasized the need for tech companies to strengthen their existing systems. The outage prompted CrowdStrike to offer “free consulting advice” and has resulted in a proposed class action lawsuit against CrowdStrike's CEO for allegedly making false statements about software validation processes. A Microsoft spokesperson noted that due to a legal understanding with the European Commission, Microsoft cannot restrict kernel access to third-party developers like Apple does.
CrowdStrike Reveals New Details About What Caused Windows Outage
Winsage
July 25, 2024

CrowdStrike Reveals New Details About What Caused Windows Outage

- CrowdStrike's Falcon Sensor product update caused mass blue screen of death on Windows computers worldwide. - The issue was caused by a bug in the way CrowdStrike delivers updates, specifically a Rapid Response Content update with an undetected error. - CrowdStrike is implementing a staggered deployment strategy for Rapid Response Content updates and improving monitoring to prevent similar incidents in the future. - Security experts suggest that a staged rollout procedure for updates could have prevented the issue and emphasize the importance of thorough QA procedures for mission-critical software.
Microsoft Windows outage may cost Fortune 500 companies $5.4 billion - Times of India
Winsage
July 24, 2024

Microsoft Windows outage may cost Fortune 500 companies $5.4 billion – Times of India

- Microsoft Windows suffered a global outage impacting businesses and firms across industries. - Insurer Parametrix estimates US Fortune 500 companies will face [openai_gpt model="gpt-3.5-turbo-0125" prompt="Summarize the content and extract only the fact described in the text bellow. The summary shall NOT include a title, introduction and conclusion. Text: Financial Impact of Microsoft Windows Outage Microsoft Windows suffered a global outage last week, impacting businesses and firms across industries. While the total amount of losses incurred has not been determined yet, insurer Parametrix estimates that US Fortune 500 companies will face .4 billion in financial losses from the outage, as reported by Reuters. Parametrix stated that insured losses from the outage will likely total 0 million to .08 billion for the Fortune 500 companies. According to the Reuters report, major cyber insurer Beazley has no plans to change its guidance on its combined ratio after the mass IT outage. Ratings agency Fitch mentioned that the global insurance and reinsurance industry is likely to avoid any major financial impact from the outage. CrowdStrike Update Behind the Outage Microsoft's CrowdStrike outage impacted nearly 8.5 million Windows devices worldwide, disrupting internet services across the globe and affecting industries such as airlines, banking, and healthcare. A faulty software update from CrowdStrike, the US-based cybersecurity company, caused the disruption that crippled day-to-day operations across sectors, as confirmed by Microsoft. Malaysia Asks for Compensation In a separate report, Reuters mentioned that Malaysia's digital minister has asked global tech firms Microsoft and CrowdStrike to consider compensating companies that suffered losses during the global tech outage last week. Gobind Singh Deo stated, "If there are any damages or losses, where there have been any parties that have made such claims, I've asked them to consider those claims and see to what extent they are able to help resolve the issue." He also added that the government will assist on the claims where possible." max_tokens="3500" temperature="0.3" top_p="1.0" best_of="1" presence_penalty="0.1" frequency_penalty="frequency_penalty"].4 billion in financial losses from the outage. - Major cyber insurer Beazley has no plans to change its guidance on its combined ratio after the outage. - Faulty software update from CrowdStrike caused the disruption that impacted nearly 8.5 million Windows devices worldwide. - Malaysia's digital minister has asked Microsoft and CrowdStrike to consider compensating companies that suffered losses during the outage.
Microsoft pins Windows outage on EU-enforced ‘interoperability’ deal
Winsage
July 22, 2024

Microsoft pins Windows outage on EU-enforced ‘interoperability’ deal

Software makers have been granted access to Microsoft's PC productivity applications, SharePoint, Outlook, Exchange, and the .NET framework, in addition to Windows Client and Server operating systems. The EU has not been able to secure similar terms with Apple or Google, leaving macOS and ChromeOS free from any inclusivity obligations.
Search