The real blame lies in the fact that Windows lets hundreds of companies like Crowdstrike ship kernel-level software to millions of computers. The fact that this incident was caused by an accidental bug is hilarious, but we're lucky that it wasn't someone pushing malicious software instead.
Windows drivers are a huge liability and I wouldn't be surprised if the next time is a state actor like Russia pushing kernel-level malware.
The real fuck-up is that Crowdstrike Falcon can auto-update through its own updater, and doesn't have any kind of control panel for management that could be used for change control. If their customers could have tested this update first, none of this would be happening.
Yep. A lot of customers were running n-1 or even n-2 of their Falcon sensor release to mitigate risk. Doesn't count for shit, though, if the "deployed content" bypasses all of that.
Let's be real, Microsoft wouldn't do a hell of a lot better even if they had that stuff locked down. Their fuckups just tend to hit the general public a little more frequently than enterprise customers.
Edit: I wrote this before I learned about yesterday's Azure outage lol. That definitely adds to my point.
So you're saying you shouldn't be able to install any software with drivers? There's nothing Microsoft can do about mass-installing a program with elevated privileges, especially if it has actual uses like this.
The average person or IT dept should not have to, no. It is very rare to install third-party drivers on macOS and Linux, and the fact that it's even needed for an antivirus is insane.