The defect was in a single it calls Channel 291, the corporate mentioned in Saturday’s technical weblog submit. The file is saved in a listing named “C:WindowsSystem32driversCrowdStrike” and with a filename starting “C-00000291-” and ending “.sys”. Regardless of the file’s location and identify, the file just isn’t a Home windows kernel driver, CrowdStrike insisted.
Channel File 291 is used to cross the Falcon sensor details about how one can consider “named pipe” execution. Home windows techniques use these pipes for intersystem or interprocess communication, and should not in themselves a menace — though they are often misused.
“The replace that occurred at 04:09 UTC was designed to focus on newly noticed, malicious named pipes being utilized by widespread C2 [command and control] frameworks in cyberattacks,” the technical weblog submit defined.
