What Happened on July 19, 2024?
On July 19, 2024, two additional IPC Template Instances were deployed. Due to a bug in the Content Validator, one of the two Template Instances passed validation despite containing problematic content data.
Based on the testing performed before the initial deployment of the Template Type (on March 05, 2024), trust in the checks performed in the Content Validator, and previous successful IPC Template Instance deployments, these instances were deployed into production.
When received by the sensor and loaded into the Content Interpreter, problematic content in Channel File 291 resulted in an out-of-bounds memory read triggering an exception. This unexpected exception could not be gracefully handled, resulting in a Windows operating system crash (BSOD).
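The failure mode described above, as an added example (not CrowdStrike's code or channel file format): an interpreter that re-checks every index against the inputs actually supplied, so content that slipped past a validator is rejected with an error instead of causing an out-of-bounds read. The record layout, function names and sample data are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical content record: a list of indices into the input array.
   This layout is constructed for illustration only. */
typedef struct {
    uint32_t index_count;
    uint32_t indices[8];
} content_record;

enum { EVAL_OK = 0, EVAL_BAD_RECORD = -1, EVAL_BAD_INDEX = -2 };

/* Interpreter-side evaluation that re-checks every index against the number
   of inputs supplied at run time, instead of trusting that an upstream
   validator already rejected bad content. */
int evaluate_record(const content_record *rec,
                    const char *const *inputs, size_t input_count,
                    size_t *total_len)
{
    if (rec == NULL || inputs == NULL || total_len == NULL)
        return EVAL_BAD_RECORD;
    if (rec->index_count > sizeof rec->indices / sizeof rec->indices[0])
        return EVAL_BAD_RECORD;      /* count exceeds the record's own array */

    size_t sum = 0;
    for (uint32_t i = 0; i < rec->index_count; i++) {
        uint32_t idx = rec->indices[i];
        /* Without this check, inputs[idx] would be an out-of-bounds read. */
        if (idx >= input_count || inputs[idx] == NULL)
            return EVAL_BAD_INDEX;   /* reject the record, do not fault */
        sum += strlen(inputs[idx]);
    }
    *total_len = sum;
    return EVAL_OK;
}

/* Constructed sample data: three inputs, one good record, one bad record. */
static const char *const sample_inputs[] = { "pipe", "name", "value" };
static const content_record good_record = { 2, { 0, 2 } };
static const content_record bad_record  = { 2, { 0, 3 } }; /* index 3 is absent */

int main(void)
{
    size_t len = 0;
    int ok  = evaluate_record(&good_record, sample_inputs, 3, &len);
    int bad = evaluate_record(&bad_record, sample_inputs, 3, &len);
    return (ok == EVAL_OK && bad == EVAL_BAD_INDEX) ? 0 : 1;
}
```
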
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
https://www.ithome.com/0/784/059.htm