University mobilises CrowdStrike solution
Faced with the global CrowdStrike outage, University of Adelaide experts led by Associate Professor Hung Nguyen from the School of Computer and Mathematical Sciences rapidly mobilised to find a solution and implement it.
The experts consulted with staff from CrowdStrike, the Australian Signals Directorate (ASD) and the Australian Cyber Collaboration Centre (AUS3C) to validate and roll out a solution for the University’s ITDS infrastructure.
CrowdStrike Falcon sensor outage causes widespread BSOD issues
“Using our long track record of research into Windows security we, like many others in the global IT community, quickly brought our expertise to bear to examine the problem that was causing chaos around the world,” said Associate Professor Nguyen.
“The official fix from CrowdStrike required computers to be rebooted into safe mode, but this proved to be a challenge for many IT administrators.
“The issue was compounded by the fact that many computers were protected by Windows BitLocker, which requires a recovery key to reboot into safe mode.
“Many IT administrators did not have access to these recovery keys, leaving them unable to recover from the CrowdStrike outage.
“In some cases, the only option was to wipe the data and perform a fresh install, a drastic measure that most administrators would prefer to avoid.”
The CrowdStrike platform is purpose-built to stop breaches via a unified set of cloud-delivered technologies that prevent all types of attacks - including malware.
The global software error in the CrowdStrike Falcon sensor software that occurred on Friday afternoon Australian time caused widespread blue screen of death (BSOD) issues on many Windows computers and impacted airlines, retail businesses and media outlets as well as universities.
The problem with safe mode - a solution from the University of Adelaide
“Fortunately, our team at the University of Adelaide discovered a quirk in the way BitLocker protects the boot sequence and developed a method that allows safe booting without a recovery key,” said Associate Professor Hung.
How it works
“The key to our solution lay in the Boot Configuration Data (BCD) database, which stores boot-related information on Windows computers. BitLocker verifies that the security-sensitive BCD settings haven't changed since BitLocker was last enabled, resumed, or recovered,” said Associate Professor Hung.
“However, BitLocker leaves a long that it does not check by default.
“Our method booted computers from a USB key and rewrote the BCD to the minimal boot configuration, taking advantage of these unprotected areas. This allowed computers to be booted into safe mode without requiring the recovery key and then the update from CrowdStrike automatically was applied.
"The method allowed computers to boot into safe mode only and did not break the data protection provided by BitLocker. All data encrypted by BitLocker remained encrypted."
Adoption of the University of Adelaide fix
“On 20 July our solution was shared by A3C on their LinkedIn page so that it could be used by the wider cybersecurity community along with many other solutions being deployed globally, to solve the problems caused by the CrowdStrike outage,” said Associate Professor Hung.
“The post received widespread attention, with comments from researchers who successfully used our method. Some commenters confirm that by using our method they managed to fix ‘dozens’ of their computers.”
Media Contacts:
Associate Professor Hung Nguyen, School of Computer Science, The University of Adelaide. Mobile: +61 (0)434 641 339, Email: hung.nguyen@adelaide.edu.au
Crispin Savage, Manager, News and Media, The University of Adelaide. Mobile: +61 (0)481 912 465, Email: crispin.savage@adelaide.edu.au