CrowdStrike issues go beyond Windows: company’s security software has reportedly been causing kernel panics since at least April
Last Friday, the world experienced the biggest global outage of key Windows PC infrastructure in history — this issue, caused by a botched CrowdStrike update to its kernel-level Falcon Sensor software, made modern Windows systems so fundamentally non-functional that flights around the world were delayed. Southwest Airlines managed to avoid the issue, because the company was using Windows 3.1 instead of any remotely modern version of the OS.
But as it turns out, the problem isn’t just isolated to modern Windows operating systems. Linux users have been reporting kernel panics and crashes related to the same software since as early as April of this year, per a report from The Register.
So, how is this issue cross-platform? Chances are the specific issue that caused chaos over the last few days is not; after all, we would’ve seen it cripple Windows machines much sooner if that were the case. However, what this does demonstrate is that CrowdStrike has apparently been lax with its Falcon Sensor Security software for quite a while now.
For those unfamiliar, the “kernel” of an operating system is the layer that sits beneath the part users interact with (the latter is typically called the “shell”) and is most directly connected to the hardware. Very little computer software actually needs kernel access to get its work done. Security software can certainly be an exception, because threats often attempt to infiltrate the kernel, but it’s still very important to ensure that the software isn’t itself causing kernel instability and crashes on any target platform.
An interesting sidenote pointed out by The Register is that CrowdStrike’s current CEO, George Kurtz, was also CEO of McAfee during an infamous 2010 update that caused several PCs to be stuck in an endless boot loop. This likely makes George Kurtz the first CEO in history to preside over two major global PC outages caused by bad security software updates.
Linux users who have been impacted reportedly include those using Red Hat Enterprise Linux, Debian Linux (the basis for the more widespread Ubuntu), and Rocky Linux. All of the issues in question impact the underlying Linux kernel (universal across Linux distributions), seemingly crashing any Linux distribution using kernel versions 5.14.0-42713.1 and newer.
Linux users do seem to have more recourse for issues like this, including switching to an eBPF “User Mode”, but it speaks to the severity of CrowdStrike’s kernel software development issues if the company is managing to cripple both Linux and Windows operating systems.
It also shows that there were warning signs for this past global outage, and that systems should have been in place at CrowdStrike some time ago to test these enterprise and government-targeted updates vigorously enough to prevent these kernel-level crashes. After all, most impacted users in these strictly-controlled environments likely don’t have the administrative access or knowledge required to fix these problems once they occur. In other words, much-improved QA testing would seem to be mandatory for CrowdStrike’s continued long-term success.