top | item 41009508

(no title)

temac | 1 year ago

"It blows my mind that a kernel driver with the level of proliferation in industry could make it out the door apparently without even the most basic level of qualification."

It was my understanding that MS now sign 3rd party kernel mode code, with quality requirements. In which case why did they fail to prevent this?

discuss

YZF|1 year ago

Drivers have had to be signed forever and pass pretty rigorous test suites and static analysis.

The problem here is obviously this other file the driver sucks in. Just because the driver didn't crash for Microsoft in their lab doesn't mean a different file can't crash it...

rlanday|1 year ago

There’s a design problem here if the driver can’t be self-contained in such a way that it’s possible to roll back the kernel to a known good state.

fransje26|1 year ago

> Just because the driver didn't crash for Microsoft in their lab doesn't mean a different file can't crash it...

    "What are you complaining about? It works on my machine."™

einpoklum|1 year ago

> In which case why did they fail to prevent this?

"Oh, crowdstrike? Yeah, yeah, here's that Winodws kernel code signing key you paid for."

whydoyoucare|1 year ago

You can pay for it and sign a file full of null characters. Signing has nothing to do with quality from what I understand.

Drygord|1 year ago

[deleted]

cardamomo|1 year ago

Please explain this comment. How is the Crowdstrike incident related to the Key Bridge collision?