Smug non-Microsoft users: Global outage for Windows users using CrowdStrike - global BSOD

Just been reading about it - also affected Debian and Rocky Linux.

I’ve been deploying Falcon CrowdStrike (VERY reluctantly I might add!) to Linux servers since around February…

Fortunately - all of them are RHEL 8 (or earlier) and the CrowdStrike “bug” was more RHEL 9 and kernel 5.x…

I’ve deployed a few RHEL9 instances for other customers this year, but also, fortunately, those customers don’t use CrowdStrike…

I just watched a very informative YouTube video from a former Microsoftee - who worked on Windows NT - basically the bug is an empty *.sys file that the ring 0 CrowdStrike device driver tries to load into memory - or something :

The more “agents” you install on a system - the more unstable it will be - the more moving parts in the kernel / ring 0 - the more likely failures are…

I remember in Windows NT 3.51 - the HAL, “hardware abstraction layer” - didn’t have 100% privileged access to the kernel - but Microsoft went back on that with Windows NT 4.x in order to get better performance, especially on workstations…
