Patch/Configuration Management, Vulnerability Management

Purported CrowdStrike Falcon sensor issue exploitability refuted

CrowdStrike has repudiated findings from Qihoo 360 claiming that the Falcon EDR sensor vulnerability behind last month's massive global IT outage was a memory corruption issue that could have led to privilege escalation or remote code execution attacks, according to SecurityWeek.

Attackers could not exploit the flaw to achieve arbitrary memory writes or program execution even if they could manipulate kernel memory, said CrowdStrike Vice President Adam Meyers. "Even if an attacker had complete control of the value being read, the value is only used as a string containing a regular expression. We have investigated the code paths following the OOB read in detail, and there are no paths leading to additional memory corruption or control of program execution," noted Meyers, who added that the firm has implemented several protective measures to prevent channel file tampering. The statement comes just after CrowdStrike issued a root cause analysis on the faulty Falcon update.
