Stuck at the Airport
On July 18, 2024, the Consultant found himself at the airport where major systems were down. The cause? The CrowdStrike Falcon software he had deployed on thousands of systems. This software, meant to protect servers, actually hosted a driver-level .sys file that an update clobbered.
The Flaw
On July 19, 2024, a Rapid Response Content update was delivered to certain Windows hosts, evolving the new capability first released in February 2024. The sensor expected 20 input fields, while the update provided 21 input fields. In this instance, the mismatch resulted in an out-of-bounds memory read, causing a system crash. Our analysis, together with a third-party review, confirmed this bug is not exploitable by a threat actor. (CrowdStrike, 2024)
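The 20-versus-21 field mismatch in the statement above, as an added C sketch that is not CrowdStrike's code or part of the original post. The record layout and all names (`content_rec`, `match_unchecked`, `match_checked`, `demo`) are hypothetical; only the counts 20 and 21 come from the page.

```c
#include <stddef.h>
#include <stdint.h>

#define SENSOR_INPUTS 20u   /* inputs the sensor holds (count from the page) */

enum match_result { REJECTED = -1, NO_MATCH = 0, MATCH = 1 };

/* Hypothetical content record: one criterion per field, count set by the update. */
struct content_rec {
    size_t n_fields;
    const uint32_t *criteria;
};

/* Unchecked pattern: the loop bound comes from the update, so a 21-field
 * record reads inputs[20], one element past the sensor's 20-element array. */
int match_unchecked(const struct content_rec *r, const uint32_t *inputs)
{
    for (size_t i = 0; i < r->n_fields; i++)
        if (r->criteria[i] != inputs[i])
            return NO_MATCH;
    return MATCH;
}

/* Checked form: compare the update's count with what the caller really
 * holds before touching memory, and fail closed on any mismatch. */
int match_checked(const struct content_rec *r, const uint32_t *inputs, size_t n_inputs)
{
    if (!r || !r->criteria || !inputs || r->n_fields != n_inputs)
        return REJECTED;                 /* 21 != 20: reject, never index */
    for (size_t i = 0; i < n_inputs; i++)
        if (r->criteria[i] != inputs[i])
            return NO_MATCH;
    return MATCH;
}

/* Constructed sample: a record declaring n_fields criteria (all zero),
 * matched against 20 zeroed sensor inputs through the checked path. */
int demo(size_t n_fields)
{
    static const uint32_t inputs[SENSOR_INPUTS] = {0};
    uint32_t criteria[SENSOR_INPUTS + 1] = {0};
    struct content_rec rec = { n_fields, criteria };
    return match_checked(&rec, inputs, SENSOR_INPUTS);
}

int main(void) { return demo(21) == REJECTED ? 0 : 1; }
```

In kernel mode there is no process boundary to absorb a bad read, so the check has to happen before the first index, not after.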
The Horrible Safe Mode Fix
There are several fixes of increasing difficulty. This video shows how to remediate with BitLocker and a bootable USB.