CrowdStrike CEO expresses regret for causing disruptions to IT systems globally and provides solution details
The issue was identified in a component referred to as Channel 291, as mentioned in the technical blog post published on Saturday. The file can be found in the folder “C:\Windows\System32\drivers\CrowdStrike”, with a file name starting with “C-00000291-” and ending with “.sys”. Although the file sits in the drivers directory and carries a .sys extension, CrowdStrike clarified that it is not a Windows kernel driver.
Channel File 291 tells the Falcon sensor how to analyze execution through “named pipes”. Windows systems use these pipes for communication between systems or processes. They are not inherently malicious, but they can be abused.
“The update implemented at 04:09 UTC was intended to address newly detected, malicious named pipes utilized by popular C2 [command and control] frameworks in cyber assaults,” explained the technical blog post.
