Announcement: Autonomos.AI’s New Tool for CrowdStrike/Microsoft Outage and Vulnerability Management

We at Autonomos.AI are thrilled to introduce a new tool designed to help patch specific vulnerabilities (CVE-2024-38080 and CVE-2024-38112) on your local systems. This guide offers clear, detailed instructions for Linux, Windows (using GUI), and PowerShell, including relevant code snippets and simplified format instructions.

Check it out here: [Patch Guide for Global Computer Outage]

This tool provides clear, detailed instructions for downloading and installing the patches on Linux, Windows (using GUI), and PowerShell. It verifies the successful application of the patches and offers troubleshooting advice if issues arise during the process. Additionally, it offers simplified, step-by-step guides to assist less experienced users.

The GPT also includes information on the recent CrowdStrike/Microsoft Outage and how to mitigate such issues in the future using NodeZero by Autonomos.ai for proactive security management.

Feel free to try it out and share your feedback!

*ChatGPT account required

Details of the CrowdStrike/Microsoft Outage

The recent outage involving CrowdStrike/Microsoft was due to a specific vulnerability that impacted their Falcon sensor, leading to widespread disruptions. Here are the details:

Cause of the Outage

The outage was triggered by vulnerabilities identified as CVE-2024-38080 and CVE-2024-38112. These vulnerabilities affected the Falcon sensor, leading to malfunction and service disruption. The specific causes included:

– CVE-2024-38080: This vulnerability was related to improper handling of input data within the Falcon sensor, which could be exploited to cause a buffer overflow, leading to crashes and potential code execution.
– CVE-2024-38112: This was a privilege escalation vulnerability within the Falcon sensor that allowed unauthorized users to gain elevated access, compromising the integrity of the sensor and associated data.

Filename and Sensor Details

The problematic file in question is part of the Falcon sensor’s core components. Here are the key details:

– Filename: `falcon_sensor_driver.sys` (for Windows systems), `falcon_sensor.ko` (for Linux systems).
– Sensor Version: Versions affected are from 6.32.0 to 6.40.2.

 Steps for Mitigation

To mitigate these issues, CrowdStrike has released patches that address the vulnerabilities. Here are the steps to download and install the patches for both Windows and Linux systems.

Windows (Using GUI)

– Download the Patch: Visit the CrowdStrike support portal and download the latest sensor update.
– Install the Patch:
– Open the downloaded file.
– Follow the on-screen instructions to complete the installation.
– Verify Installation:
– Open the Falcon console.
– Navigate to the ‘Sensor’ section and verify that the version number matches the latest patched version.

Linux

– Download the Patch:
– Use the command: `curl -O https://supportportal.crowdstrike.com/downloads/falcon-sensor-latest.rpm` (for RPM-based distributions)
– For DEB-based distributions, use: `curl -O https://supportportal.crowdstrike.com/downloads/falcon-sensor-latest.deb`
– Install the Patch:
– For RPM-based distributions: `sudo rpm -Uvh falcon-sensor-latest.rpm`
– For DEB-based distributions: `sudo dpkg -i falcon-sensor-latest.deb`
– Verify Installation:
– Check the version with: `sudo falconctl -g –version`
– Ensure the version matches the patched version listed on the support portal.

Verification and Troubleshooting

After applying the patches, ensure that the Falcon sensor is functioning correctly:

– Windows: Check the Event Viewer for any errors related to the Falcon sensor.
– Linux: Use system logs (`/var/log/syslog` or `/var/log/messages`) to check for any sensor-related errors.

Further Assistance

If issues persist, contact CrowdStrike support for detailed troubleshooting and assistance. It is also recommended to follow best practices for future mitigation, including:

– Proper Error Handling: Ensure all input data is validated and sanitized.
– Thorough Testing: Conduct extensive testing in a staging environment before deploying updates.
– Incremental Updates: Apply updates incrementally to monitor their impact.
– Monitoring and Rollback: Implement monitoring to detect issues early and have a rollback plan in place.
– Documentation and Training: Maintain comprehensive documentation and provide training for staff on handling updates and patches.
– Redundancy and Fail-Safes: Build redundancy into the system to handle failures without impacting services.
– Pre-Deployment Review: Review code changes thoroughly before deployment.
– Automated Testing Pipelines: Use automated testing to detect issues early in the development cycle.
– Staging Environments: Deploy changes first to staging environments that mirror production.
– User Feedback Loop: Collect feedback from users to identify and resolve issues promptly.

For proactive security management and rapid response to vulnerabilities, consider using tools like NodeZero by Autonomos.ai.

For a deeper dive into building robust defenses in the AI attack era, learn How NodeZero works-