The defect was in one file it calls Channel 291, the company said in Saturday’s technical blog post. The file is stored in a directory named “C:\Windows\System32\drivers\CrowdStrike” and with a filename beginning “C-00000291-” and ending “.sys”. Despite the file’s location and name, the file is not a Windows kernel driver, CrowdStrike insisted.
Channel File 291 is used to pass the Falcon sensor information about how to evaluate “named pipe” execution. Windows systems use these pipes for intersystem or interprocess communication, and they are not in themselves a threat — although they can be misused.
“The update that occurred at 04:09 UTC was designed to target newly observed, malicious named pipes being used by common C2 [command and control] frameworks in cyberattacks,” the technical blog post explained.