Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Microsoft Security

Microsoft's Take On Kernel Access and Safe Deployment After CrowdStrike Incident (securityweek.com) 45

wiredmikey writes: As the dust settles following the massive Windows BSOD tech outages caused by CrowdStrike in July 2024, the question is now, how do we prevent this happening again? While there was no current way Microsoft could have prevented this incident, the OS firm is obviously keen to prevent anything similar happening in the future. SecurityWeek talked to David Weston, VP enterprise and OS security at Microsoft, to discuss Windows kernel access and safe deployment practices (or SDP).
Former Ukranian officer Serhii "Flash" Beskrestnov created a Signal channel where military communications specialists could talk with civilian radio experts, reports MIT's Technology Review. But radio communications are crucial for drones, so... About once a month, he drives hundreds of kilometers east in a homemade mobile intelligence center: a black VW van in which stacks of radio hardware connect to an array of antennas on the roof that stand like porcupine quills when in use. Two small devices on the dash monitor for nearby drones. Over several days at a time, Flash studies the skies for Russian radio transmissions and tries to learn about the problems facing troops in the fields and in the trenches.

He is, at least in an unofficial capacity, a spy. But unlike other spies, Flash does not keep his work secret. In fact, he shares the results of these missions with more than 127,000 followers — including many soldiers and government officials — on several public social media channels. Earlier this year, for instance, he described how he had recorded five different Russian reconnaissance drones in a single night — one of which was flying directly above his van... Drones have come to define the brutal conflict that has now dragged on for more than two and a half years. And most rely on radio communications — a technology that Flash has obsessed over since childhood. So while Flash is now a civilian, the former officer has still taken it upon himself to inform his country's defense in all matters related to radio...

Flash has also become a source of some controversy among the upper echelons of Ukraine's military, he tells me. The Armed Forces of Ukraine declined multiple requests for comment, but Flash and his colleagues claim that some high-ranking officials perceive him as a security threat, worrying that he shares too much information and doesn't do enough to secure sensitive intel... [But] His work has become greatly important to those fighting on the ground, and he recently received formal recognition from the military for his contributions to the fight, with two medals of commendation — one from the commander of Ukraine's ground forces, the other from the Ministry of Defense...

And given the mounting evidence that both militaries and militant groups in other parts of the world are now adopting drone tactics developed in Ukraine, it's not only his country's fate that Flash may help to determine — but also the ways that armies wage war for years to come.

He's also written guides on building cheap anti-drone equipment...
This discussion has been archived. No new comments can be posted.

Microsoft's Take On Kernel Access and Safe Deployment After CrowdStrike Incident

Comments Filter:
  • by at10u8 ( 179705 ) on Saturday October 12, 2024 @04:42PM (#64859749)
    strongly recommend deleting this post and starting over
    • Or leaving it to let the trolls have something to argue about: Whether kernal bug insertion into drones can save the Ukraine from the obvious end result when the United States stops poking the bear.

    • by ZeroPly ( 881915 ) on Saturday October 12, 2024 @08:59PM (#64860141)
      It's a metaphor for how easy it is to get things into the Microsoft kernel.
      • Yeah, Microsoft is a slut. Still not a good idea though unless you want KernelClippy to be released in about 9 months later.
        • Since there have been 4000+ data breaches in the state of Maine, USA since 2020, it might be time for a discussion of improving computer security. That's just the state of Maine, USA - what about the entire USA, EU, Asia, ... ?

          https://www.maine.gov/agviewer... [maine.gov]

          More generically, at what point of lost GDP due to data breaches does it become a focal point for government, companies and individuals?

          Right now, its
          - Data breach at company X, and they pay a fine to the government - likely paid by the company's liab

    • Oh, come on it's not that bad. Sure it's a little confusing at first but ...>@>E>@W>AD>A.. So befitting of our Ukrainian allies to make such strides in the war against Russia.
  • by Petersko ( 564140 ) on Saturday October 12, 2024 @04:43PM (#64859753)

    Body appears to be related to a different article than one linked.

    • by ls671 ( 1122017 )

      Looking closer it looks like he didn't clear his paste buffer or didn't clear the text in the submit text area before pasting the new relevant text related to Microsoft. The text relevant to Microsoft is there, at the beginning of TFS, first paragraph. Then follows the paste from the previous article. Anyway, don't editors have a preview button just like us?

      • Looking closer it looks like he didn't clear his paste buffer

        I hate it when that happens, you end up with random previous bits of text inserted into your post.

        with a gerbil. His girlfriend never forgave him.

  • by war4peace ( 1628283 ) on Saturday October 12, 2024 @04:49PM (#64859765)

    I got very used to regular dupes, but this is a new kind of dupe, hidden inside a different article.
    Well done, guys. Well done.

  • by rkww ( 675767 ) on Saturday October 12, 2024 @04:59PM (#64859785)
    You have
  • A: You get weird Slashdot dupes.

  • by 278MorkandMindy ( 922498 ) on Saturday October 12, 2024 @06:02PM (#64859877)

    Just delete this and start again.

  • by ItsJustAPseudonym ( 1259172 ) on Saturday October 12, 2024 @06:11PM (#64859893)
    Rebecca and Gary would be proud. https://www.snopes.com/fact-ch... [snopes.com]
  • Isn’t it kind of funny that we’re still using that old-school Von Neumann architecture for Microsoft kernel stuff? It’s like trying to defend a castle made of pillows from drones! And then you’ve got CrowdStrike, frantically trying to patch their DLLs like they’re putting band-aids on a leaking roof. Don’t even get me started on anti-drone tech—sure, it sounds cool, but then your Wi-Fi starts acting like it’s playing hide and seek with open-source info that ba
    • by Anonymous Coward
      ChatGPT is that you? I recognized you immediately from your anti-Von-Neumann architecture bias!
      • ChatGPT is that you? I recognized you immediately from your anti-Von-Neumann architecture bias!

        Nice catch, my friend! But let’s not kid ourselves—my point still stands. You slap a bunch of operating systems into a single box with one network connection and then act shocked when your security gets mugged. Come on, humans!

    • Isn’t it kind of funny that we’re still using that old-school Von Neumann architecture for Microsoft kernel stuff?

      What computer doesn't use the von Neumann architecture?

      • Exactly. Great for NSA-trusted networks. Otherwise known as 'The Ugly Red Book That Won't Fit On A Shelf' If you care about security in a hostile networked environment, throw out Von Neumann and throw out flat physical networking
      • by richi ( 74551 )

        What computer doesn't use the von Neumann architecture?

        The Non Veumann ones?

        I'll get me coat.

  • I'm not sure I understand Microsoft's Ukrainian centric tactic, but we'll see if it pays off.

  • Somebody forgot to eat their CmdrTaco Puffs.
  • "“My TLDR,” Weston told SecurityWeek, “is that SDP is the best tool we have in the toolbox for stopping outages. Kernel mode, user mode – not saying those are invalid, just saying those are a much smaller part of the problem. SDP can help prevent outages both inside and outside of the kernel.”"

    Yes, people who use your tool should do it slowly and with lots more work because you 'cannot' (choose not to) give them a reliable product.

    Otherwise all I saw there was people met, ESET

  • Seems a dupe was able to access the posting and inject itself into it.

  • Jus delete the Microsoft aspect of it. Itis a disgrace that nothing happened after they let it happen. I mean this would have been a company in The Netherlands, I could not imagine the steps the US would have taken.

    It is disgusting to see Microsoft take advantage of the incident.

    We want everything to be transparent, but then we want to enforce this standard as a requirement for working with Microsoft.”

    • Microsoft is a defendant in the Delta suit, and given that they didn't do basic null input validation they should be.

      There are other directions they could take, but I expect their response has more to do with a duty to act than "taking advantage". Will this be abused to seize more power over kernel modules? Probably, but they've been excluding unsigned/"untested" code since 2009.

  • They couldn't have possibly included input testing as part of their validation, and they have since rescinded the kernel driver signature right?

    How many other undocumented, untested, secret modules are being signed with no usable testing?

    This article also continues to repeat the lie that the broken update was somehow unique and hit an overflow that couldn't have been predicted. In fact the broken update was all null, as has been reported for months: https://x.com/jeremyphoward/st... [x.com]

In order to dial out, it is necessary to broaden one's dimension.

Working...