News Title: “Absurd Bug: CrowdStrike Kernel Bug Causes Microsoft Blue Screen”
Keywords: Blue Screen, CrowdStrike, Bug
News Content:
Title: CrowdStrike Software Vulnerability Triggers Microsoft Blue Screen Incident, Company Under Fire for Lack of Thorough Testing
[Washington, D.C.] Global cybersecurity firm CrowdStrike has recently drawn widespread attention after a serious vulnerability in its software caused blue screen crashes on Microsoft's operating system. According to an internal investigation report, the company's software injected regular expression code directly into the operating system kernel without adequate testing, which ultimately led to large-scale system crashes.
Incident Summary: Microsoft users running the CrowdStrike Falcon sensor software encountered blue screen failures that disrupted normal operation for a large number of users. After more than half a month of investigation, CrowdStrike released a 12-page investigation report detailing the cause and course of the incident and the response measures.
The report stated that CrowdStrike introduced a new template type in sensor version 7.11, released in February 2024, to detect new attack techniques. However, the template type had a design flaw that caused an out-of-bounds memory read during execution, ultimately crashing the system.
The new template type defined 21 input parameters, but only 20 input values were supplied in actual use. This parameter mismatch was not caught during testing and surfaced only after new template instances were deployed. The reason is that, during testing and in the initial deployment, the 21st input parameter used a wildcard matching criterion, which masked the latent error.
When CrowdStrike deployed new template instances, one of them introduced a non-wildcard matching criterion for the 21st input parameter. Because that input was missing, the sensor performed an out-of-bounds memory read at runtime, which caused the blue screen failure.
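The mismatch described above can be sketched in C. This is an added example, not code from CrowdStrike or its report; the struct layout, the NULL-as-wildcard convention and all names are assumptions. It shows why a wildcard on field 21 hides the problem and how a load-time validator and a runtime bounds check each catch it.

```c
#include <stddef.h>
#include <string.h>

#define TEMPLATE_FIELDS 21  /* fields the template type defines */
#define SUPPLIED_INPUTS 20  /* values the calling code actually supplies */

/* Hypothetical layout: a NULL criterion is a wildcard and is never compared. */
typedef struct { const char *criteria[TEMPLATE_FIELDS]; } template_instance;

enum { NO_MATCH = 0, MATCH = 1, ERR_FIELD_MISSING = -1 };

/* Load-time validation: refuse an instance with a non-wildcard criterion on
 * a field index the caller cannot supply. */
int instance_is_loadable(const template_instance *t, size_t n_inputs) {
    for (size_t i = n_inputs; i < TEMPLATE_FIELDS; i++)
        if (t->criteria[i] != NULL) return 0;
    return 1;
}

/* Runtime matcher: the index is checked against n_inputs before inputs[i]
 * is read. Without that check, field 21 would be read past the array. */
int evaluate(const template_instance *t, const char *const *inputs, size_t n_inputs) {
    for (size_t i = 0; i < TEMPLATE_FIELDS; i++) {
        if (t->criteria[i] == NULL) continue;         /* wildcard: no read */
        if (i >= n_inputs) return ERR_FIELD_MISSING;  /* would be out of bounds */
        if (strcmp(t->criteria[i], inputs[i]) != 0) return NO_MATCH;
    }
    return MATCH;
}

static const char *sample_inputs[SUPPLIED_INPUTS];  /* constructed sample data */

/* Instance matching "x" on field 1; optionally non-wildcard on field 21. */
template_instance make_instance(int specific_field_21) {
    template_instance t = {{0}};
    t.criteria[0] = "x";
    if (specific_field_21) t.criteria[TEMPLATE_FIELDS - 1] = "y";
    return t;
}

int run_instance(int specific_field_21) {
    for (size_t i = 0; i < SUPPLIED_INPUTS; i++) sample_inputs[i] = "x";
    template_instance t = make_instance(specific_field_21);
    return evaluate(&t, sample_inputs, SUPPLIED_INPUTS);
}

int loadable(int specific_field_21) {
    template_instance t = make_instance(specific_field_21);
    return instance_is_loadable(&t, SUPPLIED_INPUTS);
}

int main(void) { return run_instance(1) == ERR_FIELD_MISSING ? 0 : 1; }
```

A test suite that exercises only wildcard instances passes `run_instance(0)` and never reaches index 20, which is the masking effect the report describes.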
Although CrowdStrike’s report indicated that measures will be taken to prevent similar incidents in the future and promised not to rest until the system is fully restored, the public was not convinced. Social media was filled with criticism of CrowdStrike’s lack of testing procedures and process control.
This incident serves as a reminder to software development companies that thorough testing must be conducted before product release to ensure the safety and reliability of the code. It also warns other cybersecurity companies to pay attention to product quality and testing procedures to avoid similar incidents.
Currently, CrowdStrike is working with Microsoft to repair affected systems and has pledged to strengthen internal processes to prevent future security vulnerabilities.
Source: https://mp.weixin.qq.com/s/A53TSX18SgK-cD9RKARoog