Personally, I don’t see the issue. Microsoft shouldn’t be responsible for when a third party creates a buggy kernel module.
And when you, as a company, decide to effectively install a low-level rootkit on all your machines in hopes that it will protect you against whatever, you accept the potential side effects. Last week, those side effects occurred.
Hard to say yet, if Microsoft is responsible or not. The thing is they certified it, as a stable and tested driver. But it isn’t just a driver, but an interpreter/loader that loads code at runtime and executes it. In kernel mode. If Microsoft knew this they’re definitely responsible for certifying it, but maybe crowdstrike hid this behavior until it was deployed to the customers.
It was my understanding that this wasn’t certified. Crowdstrike circumvented the signing process.
The driver was signed, the issue was with a configuration file for that’s not part of the driver.
MS gives them access, so they’re responsible.
I disagree. As someone else in this thread said: if you compile a buggy Linux driver that crashes the system, it’s still the fault of the driver.
I’m not exempting Crowdstrike and I’m not sure the comparison holds: linux is a kernel, mot a corporation.
Try Ubuntu or RedHat, would they be liable?