HACKER Q&A
📣 franze

What is in C-00000291*.sys?

  👤 brettermeier Accepted Answer ✓

👤 alex_f_k
https://cyberplace.social/@GossiTheDog/112812260542179660

> I've obtained copies of the .sys driver files Crowdstrike customers have. They're garbage. Each customer appears to have a different one.

https://cyberplace.social/@GossiTheDog/112812454405913406

> The .sys files causing the issue are channel update files, they cause the top level CS driver to crash as they're invalidly formatted. It's unclear how/why Crowdstrike delivered the files and I'd pause all Crowdstrikes updates temporarily until they can explain.


👤 H8crilA
The most successful malware of 2024, even though it only does denial of service.

👤 lordnacho
It's a crowdstrike update file with a bug in it, from what I gather. This makes your Windows machine go blue screen and stop working as it starts up. If you manage to remove it by various methods, it doesn't run and you're fine.

More informed people will give you more details, but this kind of AV software often has privileged access to the OS, so it can scan your files. The same privileged access also means it can really mess things up if it's not well tested.

By contrast your ordinary python or VBA script should not be able to blue screen your machine, especially not during startup.


👤 benmmurphy
A malware delivery platform sponsored by the US security state. All customers get customised versions, nothing to see here.

👤 commercialnix
It provides the electrolytes Windows craves.

👤 amarcheschi
On another note, I know nothing about cybersec, but is there a reason why antivirus on Windows runs at ring 0, while I read that on Linux and Mac it doesn't have kernel-level access?


👤 ltadeut
Does anyone understand what a channel file is? Some sort of patch/dll that a driver loads?

👤 novaRom
Just kernel drivers. To know what is inside, you can disassemble them with https://github.com/NationalSecurityAgency/ghidra

👤 Conasg
Specifically, if the file is corrupted, in what way is it corrupt? I’m fascinated by how this issue occurred.

👤 AverageIdiot
Hm, is there any website that explains why C-00000291*.sys caused the widespread BSODs? For example, was it some kind of definition file that was accessing invalid memory locations?

👤 yert14
New to IT, but this sure seems like a huge security risk. Even though the CEO and others have said otherwise. People who are more experienced, please let me know if I am wrong.

👤 megvt08
Does anyone have the actual file? I have a copy, but it seems to be a good version, unfortunately. I'd really appreciate it if anyone can upload it here.

👤 screwgauge1
Can someone share a link to a copy of the offending channel file? Now a Crowdstrike customer, but interested in poking at its contents. Thanks!

👤 Si1ent
Does anyone have the BSoD dump file from when it crashed, or a C-00000291-00000000-00000032.sys output, de-identified?

👤 Si1ent
Does anyone have the BSoD dump file or the C-00000291-00000000-00000001.sys, de-identified, to analyze both?

👤 neverminder
Wouldn't want to be the guy who pushed this particular commit. It's ironic that the company that is supposed to prevent this sort of thing causes the biggest worldwide outage ever. Crowdstrike is finished. Let's hope this will result in at least a small increase in desktop Linux market share.

👤 rvba
How is the * (star / asterisk) character allowed in the file name?

I thought such characters are forbidden by Windows.

https://learn.microsoft.com/en-us/windows/win32/fileio/namin...

How did the tool even manage to create such a file?
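On the asterisk question: `*` is a glob wildcard standing in for the varying middle and sequence fields, not a character in any real file name; Windows rejects it as a literal. The short script below is an added example and not from the thread or from Crowdstrike. It takes the two concrete names quoted in the thread, adds a few constructed neighbours so the non-matches are visible, and shows (a) which names the pattern selects, (b) the `C-<channel>-<middle>-<sequence>.sys` field split, whose field meanings are an assumption drawn only from the shape of the names, and (c) the reserved-character check from the Microsoft naming page linked above.

```python
"""Added example (not from the thread): why C-00000291*.sys is a pattern, not a file name."""
import fnmatch
import re

# Constructed sample directory listing. The first two names are the ones quoted
# in the thread; the rest are made up to show what the pattern does NOT match.
SAMPLE_LISTING = [
    "C-00000291-00000000-00000001.sys",
    "C-00000291-00000000-00000032.sys",
    "C-00000290-00000000-00000007.sys",       # constructed: different channel id
    "C-00000291-00000000-00000032.sys.bak",   # constructed: wrong extension
    "csagent.sys",                            # constructed: unrelated driver name
]

CHANNEL_GLOB = "C-00000291*.sys"

# Assumed shape of a channel-file name: "C-<channel>-<middle>-<sequence>.sys".
# Only the shape comes from the names in the thread; the field names are a guess.
CHANNEL_NAME_RE = re.compile(r"^C-(\d{8})-(\d{8})-(\d{8})\.sys$")

# Characters Windows forbids in file names, per the Microsoft naming docs
# (plus control characters 0-31, handled separately below).
WINDOWS_RESERVED_CHARS = set('<>:"/\\|?*')


def expand_glob(pattern, listing):
    """Return the names in `listing` matched by the glob `pattern`.

    Matching is done case-insensitively, as NTFS name lookups are, so the
    result is the same whether this runs on Windows or elsewhere.
    """
    pat = pattern.lower()
    return [name for name in listing if fnmatch.fnmatch(name.lower(), pat)]


def parse_channel_name(name):
    """Split a channel-file name into (channel, middle, sequence) integers.

    Returns None for names that do not have the assumed three-field shape.
    """
    m = CHANNEL_NAME_RE.match(name)
    if not m:
        return None
    return tuple(int(field) for field in m.groups())


def is_valid_windows_name(name):
    """True if `name` contains none of the characters Windows reserves."""
    return all(ch not in WINDOWS_RESERVED_CHARS and ord(ch) > 31 for ch in name)


if __name__ == "__main__":
    # The literal pattern is not a legal Windows file name ...
    print(CHANNEL_GLOB, "valid as a literal name:", is_valid_windows_name(CHANNEL_GLOB))
    # ... but as a glob it selects every file for channel 291.
    for name in expand_glob(CHANNEL_GLOB, SAMPLE_LISTING):
        print(name, "->", parse_channel_name(name))
```

Run as a script it prints the match list and the parsed fields; `expand_glob` keeps listing order, so the two thread names come out in the order they appear above.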