Vulnerability Detection Update, July 19
Release Date: 2024-07-19
New Detections
Added detection for Cisco Secure Email Gateway (CVE-2024-20401)
Added detection for Campbell Scientific CSI Web Server
Added detection for CrowdStrike Falcon Sensor
Bug Fixes and Minor Improvements
Improved detection for Xbox Gaming Services
CrowdStrike Falcon Sensor
The CrowdStrike outage, caused by an update to its EDR solution, is one of the largest outages ever seen. Outpost24 and its services are unaffected.
While we cannot help customers fix the issue directly, we can help them identify, with our NetSec solutions, which of their servers are potentially impacted.
Customers who use CrowdStrike, particularly the Falcon Sensor service, can log into our NetSec solutions and use the findings view. Searching for finding ID 1458876 generates a list of Windows hosts with the affected software. This information is crucial for prioritizing manual verification and remediation efforts.
Customers who set collateral, business criticality or availability priority can also create a dynamic group based on the resulting view. This gives a list of the most critical assets potentially impacted.
Workaround for impacted systems
A complete solution to the outage is not yet available. However, there is a manual workaround, which should be implemented with caution because it involves manually removing files from a system. This workaround, originally published by Thales Tesserent, involves:
Boot Windows into Safe Mode or the Windows Recovery Environment
Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
Locate the file matching “C-00000291*.sys” and delete it.
Boot the host normally.
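The file check and removal from the steps above, as an added PowerShell example (not code from Outpost24, Thales Tesserent or CrowdStrike). It assumes a PowerShell prompt is available on the host, for example in Safe Mode; the function name Find-ChannelFile291 and its parameters are hypothetical. It lists matching files by default and deletes them only when -Remove is given.

```powershell
# Added example: find, and optionally delete, the file named in the workaround.
# Find-ChannelFile291, -SystemDrive and -Remove are hypothetical names.
function Find-ChannelFile291 {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Volume holding the Windows installation. When booted from recovery
        # media it may be mounted under a drive letter other than C:.
        [string]$SystemDrive = 'C:',
        # Delete the matching files instead of only listing them.
        [switch]$Remove
    )

    $dir = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Directory not found: $dir (sensor not installed, or wrong drive letter)"
        return
    }

    # Pattern taken from the workaround; -File excludes directories,
    # -Force includes hidden or system files.
    $found = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File -Force)
    if ($found.Count -eq 0) {
        Write-Warning "No file matching C-00000291*.sys in $dir"
        return
    }

    foreach ($f in $found) {
        $removed = $false
        # ShouldProcess honours -WhatIf and asks for confirmation before deleting.
        if ($Remove -and $PSCmdlet.ShouldProcess($f.FullName, 'Delete file')) {
            Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
            $removed = $true
        }
        # One record per file, so the run can be logged or exported.
        [pscustomobject]@{
            Path         = $f.FullName
            Length       = $f.Length
            LastWriteUtc = $f.LastWriteTimeUtc
            Removed      = $removed
        }
    }
}

# List only:        Find-ChannelFile291
# Preview deletion: Find-ChannelFile291 -Remove -WhatIf
# Delete:           Find-ChannelFile291 -Remove
```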
Our services and solutions remain unaffected by the outage last Friday and operations continue as normal.
Keep an eye on our website for more advice on the matter.
Copyright
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.