Woke up to the news that CrowdStrike killed a bunch of IT infrastructure. We weren't using that POS software in our company so the work day was not bad for me. I was talking to a co-worker about this news. I mentioned, "CrowdStrike is going to go broke over this." He said, "No they won't." "Won't they get sued into the ground for this?" "Microsoft hasn't been sued over its bad updates."
I did a quick search to see if I could prove him wrong. All I could find is individuals taking Microsoft to court for forcing updates, but no corporations have. It appears the software EULAs are so legally airtight that if a software update costs your company millions or billions... tough shit and suck it up.
CrowdStrike did several bad IT practices with this update.
- Deploying on a Friday (lol)
- not testing the update deployment (the update itself could've been fine but the update server might have corrupted the file)
- not doing a staged update
- the software probably makes it difficult or impossible to defer updates
As well, Microsoft is still Microsofting with its driver BSODs.
I'm doubtful that either CrowdStrike or Microsoft will be held to account for the billions of dollars lost and the millions of people that had their day ruined over this.
Basically, software companies are like vaccine companies and they are immune to legal liability.
Have a good weekend, unless you're in IT.
Anyone wanna give a quick rundown on what happened?
Well, according to them, they pushed a bad config/AV definition file (why the fuck they would make these end with .sys despite not being valid drivers is beyond me), causing the main AV driver to shit the bed when Windows is booting up, which can be seen by the computer starting up, BSODing, then rebooting again (though Windows will detect this and offer recovery options, but they are useless if the C drive is encrypted).
If Windows already rebooted with the bad file, there is nothing else to be done other than reinstalling the system or following the "fix", which involves booting the machine into safe mode (good luck on enterprise systems which have BitLocker and need the decryption key) and manually removing the file.