Cybersecurity firm Crowdstrike pushed an update that caused millions of Windows computers to enter recovery mode, triggering the blue screen of death. Learn ...
Are there really a billion systems in the world that run Crowdstrike? That seems implausible.
JeeBaiChow@lemmy.world 1 month ago
Whoda thunk automatic updates to critical infrastructure was a good idea?
Toribor@corndog.social 1 month ago
Many compliance frameworks require security utilities to receive automatic updates. It’s pretty essential for effective endpoint protection considering how fast new threats spread.
The problem is not the automated update, it’s why it wasn’t caught in testing and how the update managed to break the entire OS.
jbloggs777@discuss.tchncs.de 1 month ago
It is pretty easy to imagine separate streams of updates that affect each other negatively.
CrowdStrike does its own 0-day updates, Microsoft does its own 0-day updates. There is probably limited if any testing at that critical intersection.
If Microsoft 100% controlled the release stream, otoh, there’d be a much better chance to have caught it. The responsibility would probably lie with MS in such a case.
LainTrain@lemmy.dbzer0.com 1 month ago
Nah EDR is pointless like all of cybersecurity. All these compliance frameworks are just a further grift to get a slice of B2B procurement budgets. The practice of cybersecurity has caused a more severe widespread outage than any malware ever could.
LodeMike@lemmy.today 1 month ago
Hospital stuff was affected. Most engineers are smart enough to not connect critical equipment to the Internet, though.
arunwadhwa@lemmy.world 1 month ago
I’m not in the US, but my other medical peers who are mentioned that EPIC (the software most hospitals use to manage patient records) was not affected, but Dragon (the software by Nuance that we doctors use for dictation so we don’t have to type notes) was down. Someone I know complained that they had to “type notes like a medieval peasant.” But I’m glad that the critical infrastructure was up and running. At my former hospital, we used to always maintain physical records simultaneously for all our current inpatients that only the medical team responsible for those specific patients had access to just to be on the safe side.
Juvyn00b@lemmy.world 1 month ago
I work healthcare adjacent and some providers were affected as expected. Hoping as well that those critical systems were not, but that chance is non zero.