The defect was in a single it calls Channel 291, the corporate mentioned in Saturday’s technical blog post. The file is saved in a listing named “C:WindowsSystem32driversCrowdStrike” and with a filename starting “C-00000291-” and ending “.sys”. Regardless of the file’s location and identify, the file shouldn’t be a Home windows kernel driver, CrowdStrike insisted.
Channel File 291 is used to move the Falcon sensor details about consider “named pipe” execution. Home windows methods use these pipes for intersystem or interprocess communication, and aren’t in themselves a menace — though they are often misused.
“The replace that occurred at 04:09 UTC was designed to focus on newly noticed, malicious named pipes being utilized by widespread C2 [command and control] frameworks in cyberattacks,” the technical weblog put up defined.
