The fault was in one called Channel 291, the company said in a technical blog post on Saturday. The file is saved in a directory called “C:\Windows\System32\drivers\CrowdStrike”, and the file name starts with “C-00000291-” and ends with “.sys”. Despite the location and filename, the file is not a Windows kernel driver, CrowdStrike emphasized.
Channel File 291 is used to transmit information to the Falcon sensor about how to test the use of a “named pipe”. Windows systems use these pipes for intersystem or interprocess communication, and in themselves they are not a threat – although they can be misused.
“The update that took place at 04:09 UTC was designed to target the recently viewed, notorious pipelines used by common C2 [command and control] frameworks in cyberattacks,” the technical blog post explains.