Arthur T Knackerbracket has processed the following story:
Microsoft's Patch Tuesday for August 2024 includes a fix for a security vulnerability in the Grub2 boot loader, which is used by many Linux operating systems. Tracked as CVE-2022-2601, this flaw, discovered in 2022, could lead to an out-of-bounds write with a potential bypass of Secure Boot protection.
The Grub2 boot loader provides compatibility with the Secure Boot technology on PCs running Linux systems. After installing the new patch, Windows applies a Secure Boot Advanced Targeting (SBAT) policy to block vulnerable Linux boot loaders that could compromise OS security.
Microsoft explained that the SBAT value would not be applied to dual-boot systems with both Windows and Linux on the boot drive, so the patch was expected not to impact these systems. However, many users with dual-boot configurations have reported that the CVE-2022-2601 update still rendered booting into a Linux OS impossible.
The issue appears to affect various Linux distributions, including popular ones such as Ubuntu, Linux Mint, Zorin OS, Puppy Linux, and others. Affected systems typically display a "Security Policy Violation" error at boot, indicating a failed check on "shim SBAT data." Boot problems have been reported on both dual-boot systems and on Windows devices running Linux from an ISO image, USB drive, or optical media.
Microsoft's bulletin noted that only older Linux distros' ISOs were expected to experience boot issues following the CVE-2022-2601 patch. However, users with systems released in 2024 also seem to be affected. The only reliable way to restore a bootable state appears to be disabling Secure Boot entirely. Alternatively, users can follow the steps to remove the SBAT policy introduced by Microsoft this past week.
UPDATED An update to a product from infosec vendor CrowdStrike is bricking computers running Windows.
The Register has found numerous accounts of Windows 10 PCs crashing, displaying the Blue Screen of Death, then being unable to reboot.
"We're seeing BSOD Org wide that are being caused by csagent.sys, and it's taking down critical services. I'll open a ticket, but this is a big deal," wrote one user.
Forums report that CrowdStrike has issued an advisory with a URL that includes the text "Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19" – but it's behind a regwall that only customers can access.
An apparent screenshot of that article reads "CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor. Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor."
CrowdStrike's engineers are working on the issue.
Falcon Sensor is an agent that CrowdStrike claims "blocks attacks on your systems while capturing and recording activity as it happens to detect threats fast."
Right now, however, the sensor appears to be the threat.
This is a developing story and The Register will update it as new info comes to hand. ®
Updated at 0730 UTC to add: Brody Nisbet, CrowdStrike's chief threat hunter, has confirmed the issue and posted the following on X:
There is a faulty channel file, so not quite an update. There is a workaround...
1. Boot Windows into Safe Mode or WRE.
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Locate and delete file matching "C-00000291*.sys"
4. Boot normally.
In a later post he wrote "That workaround won't help everyone though and I've no further actionable help to provide at the minute".
More to come as the situation evolves ...
In Australia, CrowdStrike IT outage hits airports, banks, supermarkets as emergency committee meets
A major network outage has affected several Australian institutions and businesses, including multiple airports, the Commonwealth Bank, Optus, Australia Post and Woolworths.
Disruption to air traffic control systems is being reported around the world. Preliminary reports say a computer glitch may be causing the problem. Issues have arisen in the US, Spain, Germany, Australia, and elsewhere, with authorities forced to cancel takeoffs and landings due to safety concerns.
The outage was first reported about midnight CET on Thursday night/Friday.
The failure may have been caused by a software update that locks Microsoft operating systems and is reportedly not restricted to airlines. Some banks, emergency services, broadcasters, and financial institutions are also said to have been affected.
Computers using Windows 10 OS are reportedly crashing and showing "the blue screen of death" (BSOD) after an update for a security product provided by the firm CrowdStrike. The company is reportedly working on resolving the issue.
Brody Nisbet, CrowdStrike's chief threat hunter, has offered a workaround to deal with what he called a "faulty channel file" related to the Falcon Sensor cybersecurity app.
Julian Assange has been released from a British prison and is expected to plead guilty to violating US espionage law, in a deal that would allow him to return home to his native Australia.
Assange, 52, agreed to plead guilty to a single criminal count of conspiring to obtain and disclose classified US national defence documents, according to filings in the US district court for the Northern Mariana Islands.
Wikileaks posted on social media a video of its founder boarding a flight at London's Stansted airport on Monday evening and Australian prime minister Anthony Albanese confirmed he had left the UK.
The release from a UK prison of Julian Assange is a victory for him and his many supporters around the world, but not necessarily a clear win for the principle underlying his defence, the freedom of the press.
The charges Assange is anticipated to plead guilty to as part of a US deal, and for which he will be sentenced to time served, are drawn from the 1917 Espionage Act, for "conspiring to unlawfully obtain and disseminate classified information related to the national defense of the United States".
So although the WikiLeaks founder is expected to walk free from the US district court in Saipan after Wednesday's hearing, the Espionage Act will still hang over the heads of journalists reporting on national security issues, not just in the US. Assange himself is an Australian, not a US citizen.
Live: Father of Julian Assange hints at son's return to Australia after prison release - ABC News:
Nothing is certain until it happens and there's a lot we still don't know about how Julian Assange's case will proceed.
A lot of our understanding at this stage is coming from the court documents, which state that he'll appear before a judge in Saipan at 9am local time tomorrow.
An email from the Department of Justice (DOJ) to the judge in the Northern Mariana Islands states that Assange is expected to plead guilty to one count of conspiracy to obtain and disclose national defence information, and that he'll be sentenced for that offence.
American media outlets are reporting that the plea deal would need to be approved by the judge, and WikiLeaks has described the agreement as having "not yet been formally finalised."
But Assange's departure from the UK is a massive development in the case, and the court document says the DOJ expects he'll return to Australia "at the conclusion of the proceedings".