The defect was in a single file it calls Channel 291, the company said in Saturday’s technical blog post. The file is stored in a directory named “C:\Windows\System32\drivers\CrowdStrike” and has a filename beginning “C-00000291-” and ending “.sys”. Despite the file’s location and name, the file is not a Windows kernel driver, CrowdStrike insisted.
Channel File 291 is used to pass the Falcon sensor information about how to evaluate “named pipe” execution. Windows systems use these pipes for intersystem or interprocess communication, and they are not in themselves a threat — although they can be misused.
“The update that occurred at 04:09 UTC was designed to focus on newly noticed, malicious named pipes being utilized by widespread C2 [command and control] frameworks in cyberattacks,” the technical blog post explained.