---

@dcontesti wrote:

This affected the Availability of many systems globally.  I really question where their Change Management was....no testing? What happened to the Development/Testing/QA/ Production?  A classic fail on their part.

Absolutely. It may not have been malicious, but it most certainly is a security incident. Otherwise, 90 percent of the CVE "isn't a security incident."

Part of this is the hazard of uniformity in systems, but this also highlights the hazard of supply-chain attacks. Think about it; you have all these Windows systems bricked by a third-party application. Isn't this what everyone is squealing about these days with "zero trust?"

@Caute_cautim @JoePete 

So my take, while maybe not malicious, I tend to think of this in terms of a Security Breach.  The basis for most things we do in Security is CIA, although of late, Integrity and Availability are not discussed as much as Confidentiality.  Also when computers start blue screening for no apparent reason, Security always get tapped to work on the issue.  From past experiences, most people think that seeing the Blue Screen indicates they have been hacked.

I believe this is a colossal failure in their (CrowdStrike) Change Management processes (development/testing/QA and finally deployment).

I also question the contracts in place with CrowdStrike that allows them to automatically push a patch/fix to systems without (so it seems) proper notification.  Not sure about others but we do not even let M$ push patches without our knowledge.  Whilst they may be downloaded automatically, they are not deployed until they are tested in house.

Total failure;  Management 101 gets an F- for CrowdStrike.  To those that have cntracts with CrowdStrike also an F-.

d

Thanks for sharing this information with us @Caute_cautim.

@dcontestiThe mainframe users are glad they were not affected at all....

Regards

Caute_Cautim

Smiles.  When I first started at my company (too many years ago)......the mainframe was going away.............Its still there and working.