Microsoft Reveals More Details About Windows CrowdStrike Crash

From PC Mag: About a week after millions of Windows machines displayed the blue screen of death around the world, Microsoft has confirmed the root cause of the incident that grounded thousands of flights and disrupted numerous businesses and public services.

"Our observations confirm CrowdStrike’s analysis that this was a read-out-of-bounds memory safety error in the CrowdStrike developed CSagent.sys driver," Microsoft explains in its technical analysis of the crash published Saturday.

The report notes that CrowdStrike's driver is a file system filter driver. Such drivers are optional drivers that attach to the file system stack and are commonly used by anti-malware agents; they differ from device drivers, such as GPU drivers, that are written for a specific piece of hardware. CrowdStrike's service for Windows machines loads four driver modules, but the fault occurred in csagent.sys, and one specific content file is being blamed for the crash.

"We can see the control channel file version 291 specified in the CrowdStrike analysis is also present in the crash indicating the file was read," Microsoft notes, confirming CrowdStrike's assertion last week that an issue with Channel File 291 caused the IT meltdown.
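The bug class both analyses describe, an out-of-bounds read in a kernel driver that is parsing a content file it loaded from disk, comes down to trusting lengths or counts stated inside the file. The following is an added example written for this page, not code from CrowdStrike or Microsoft, and the file layout it parses (a magic value, an entry count, then fixed-size key/value entries) is an assumption made up for illustration; the real channel file format is not described here. The naive routine computes how far it would read if it believed the header, while the checked parser bounds every read against the actual buffer length before touching an entry.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Added example, not CrowdStrike's or Microsoft's code. Hypothetical layout:
 *   [u32 magic][u32 entry_count][entry_count * 8 bytes: u32 key, u32 value]
 * A parser that trusts entry_count reads past the buffer when the file is
 * shorter than its header claims; in kernel mode that is a bugcheck.
 */

#define CF_MAGIC      0x46484331u  /* arbitrary marker, little-endian "1CHF" */
#define CF_HEADER_LEN 8u
#define CF_ENTRY_LEN  8u

enum cf_status { CF_OK = 0, CF_BAD_MAGIC, CF_TRUNCATED, CF_COUNT_OVERFLOW };

static uint32_t rd_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Naive parser: trusts entry_count. Returns the byte offset one past the last
 * entry it would read, without ever comparing that to the real length. */
size_t cf_naive_end_offset(const uint8_t *buf, size_t len)
{
    if (len < CF_HEADER_LEN)
        return 0;
    uint32_t count = rd_u32le(buf + 4);
    return CF_HEADER_LEN + (size_t)count * CF_ENTRY_LEN;
}

/* Checked parser: validates magic, arithmetic and length before any entry
 * read. On CF_OK, *entries points into buf and *count is bounded by len. */
enum cf_status cf_parse(const uint8_t *buf, size_t len,
                        const uint8_t **entries, uint32_t *count)
{
    if (len < CF_HEADER_LEN)
        return CF_TRUNCATED;
    if (rd_u32le(buf) != CF_MAGIC)
        return CF_BAD_MAGIC;
    uint32_t n = rd_u32le(buf + 4);
    /* Guard the multiplication itself, not only its result. */
    if (n > (SIZE_MAX - CF_HEADER_LEN) / CF_ENTRY_LEN)
        return CF_COUNT_OVERFLOW;
    size_t need = CF_HEADER_LEN + (size_t)n * CF_ENTRY_LEN;
    if (need > len)
        return CF_TRUNCATED;
    *entries = buf + CF_HEADER_LEN;
    *count = n;
    return CF_OK;
}

/* Returns the entry count on success, -1 if the file is rejected. */
long cf_entry_count(const uint8_t *buf, size_t len)
{
    const uint8_t *e; uint32_t n;
    return cf_parse(buf, len, &e, &n) == CF_OK ? (long)n : -1;
}

/* Returns the value stored for key, or -1 if absent or the file is rejected.
 * Only walks entries that cf_parse has already bounded. */
long cf_lookup_value(const uint8_t *buf, size_t len, uint32_t key)
{
    const uint8_t *e; uint32_t n;
    if (cf_parse(buf, len, &e, &n) != CF_OK)
        return -1;
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *ent = e + (size_t)i * CF_ENTRY_LEN;
        if (rd_u32le(ent) == key)
            return (long)rd_u32le(ent + 4);
    }
    return -1;
}

/* Constructed sample files (not real channel file content). */
static const uint8_t good_file[] = {
    0x31,0x43,0x48,0x46,  0x02,0,0,0,   /* magic, count = 2 */
    0x01,0,0,0,  0x0A,0,0,0,            /* key 1 -> 10 */
    0x02,0,0,0,  0x14,0,0,0,            /* key 2 -> 20 */
};
/* Header claims 5 entries but only 2 are present. */
static const uint8_t short_file[] = {
    0x31,0x43,0x48,0x46,  0x05,0,0,0,
    0x01,0,0,0,  0x0A,0,0,0,
    0x02,0,0,0,  0x14,0,0,0,
};
/* Header claims 0xFFFFFFFF entries and carries none. */
static const uint8_t huge_count_file[] = {
    0x31,0x43,0x48,0x46,  0xFF,0xFF,0xFF,0xFF,
};

int main(void)
{
    printf("short_file: naive parser would read up to byte %zu of a %zu-byte buffer\n",
           cf_naive_end_offset(short_file, sizeof short_file), sizeof short_file);
    printf("checked parser: good=%ld short=%ld huge=%ld entries\n",
           cf_entry_count(good_file, sizeof good_file),
           cf_entry_count(short_file, sizeof short_file),
           cf_entry_count(huge_count_file, sizeof huge_count_file));
    return 0;
}
```

The point of the two-step check in `cf_parse` is that `need > len` alone is not enough: on a 32-bit build a large count can wrap the multiplication so that `need` looks small, which is why the count is compared against `(SIZE_MAX - header) / entry_size` first. A driver that applied this kind of validation would fail closed on a malformed content file (log and refuse to load) instead of faulting in kernel mode.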
