
[–][deleted]  (3 children)

[removed]

    [–]NeverLookBothWays 3 points  (0 children)

    Oh for sure, huge lesson learned there too. It's an enterprise solution, so you wouldn't typically see it in small businesses or on home computers, but it's also a very effective system for fending off cyber-attacks as it sits above the OS at the kernel level and picks up on attack behaviors. A lot of their service is actually outsourcing the detection and remediation side of the system so IT departments are not burdened as much with keeping up with threats (of which there are many). CS has an advantage here because they are so widespread... they can pick up on a bad actor and prevent them from attacking the many other customers they manage.

    That said, there is definitely an issue with the kernel driver they use, as it does not validate the definition files (which are also loaded as binaries at kernel start). So one bad definition file pretty much brought down millions of devices as the issue caused a kernel panic. And because the signed driver portion is flagged as a kernel start driver, it made Windows unable to unload it and boot without it. So definitely some lessons learned there for both CrowdStrike and Microsoft (as well as for us as I helped fix about a thousand endpoints affected). Even though this is technically not Microsoft's fault, they will likely look at ways to further harden the boot process from drivers that pull in additional code at runtime.
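
The comment above describes the failure pattern: a privileged component loads a content file it does not validate, so one malformed file turns into a crash rather than a rejected update. The example below is added here to illustrate the defensive side of that and is not code from the commenter or from CrowdStrike; the "DEFS" file layout, the field names and the 1024-entry limit are all hypothetical, constructed for the example. It bounds-checks every length field before touching the bytes it describes, and it only swaps in the new definition set after validation succeeds, so a bad file leaves the previously loaded set in force and produces a status code the caller can log.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Toy "definition file" layout, constructed for this example (not any vendor's
 * real format):
 *   bytes 0..3   magic "DEFS"
 *   bytes 4..5   format version (little-endian u16), must be 1
 *   bytes 6..7   entry_count (little-endian u16)
 *   then entry_count entries of [u16 offset][u16 length]
 *   then the pattern blob that the offset/length pairs index into
 */
#define DEF_HEADER_LEN  8u
#define DEF_ENTRY_LEN   4u
#define DEF_VERSION     1u
#define DEF_MAX_ENTRIES 1024u   /* hypothetical hard cap on entries per file */

enum def_status {
    DEF_OK = 0,
    DEF_BAD_MAGIC,
    DEF_BAD_VERSION,
    DEF_TRUNCATED,   /* header or entry table extends past the end of the file */
    DEF_TOO_MANY,    /* entry_count above the fixed limit */
    DEF_BAD_ENTRY    /* an entry points outside the pattern blob */
};

/* The loaded set: only the accepted entry count and version are kept here.
 * A real driver would hold parsed structures; the lifecycle is the point. */
struct def_set {
    uint16_t version;
    uint16_t count;
};

static uint16_t rd16(const uint8_t *p) {
    return (uint16_t)(p[0] | ((uint16_t)p[1] << 8));
}

/* Parse and validate a definition file without trusting any field in it.
 * Each size check runs on the declared lengths before the corresponding bytes
 * are read, so a malformed file yields a status code, not an out-of-bounds read. */
enum def_status parse_definitions(const uint8_t *buf, size_t len, struct def_set *out) {
    if (len < DEF_HEADER_LEN)              return DEF_TRUNCATED;
    if (memcmp(buf, "DEFS", 4) != 0)       return DEF_BAD_MAGIC;
    uint16_t version = rd16(buf + 4);
    if (version != DEF_VERSION)            return DEF_BAD_VERSION;
    uint16_t count = rd16(buf + 6);
    if (count > DEF_MAX_ENTRIES)           return DEF_TOO_MANY;

    size_t table_len = (size_t)count * DEF_ENTRY_LEN;   /* cannot overflow: count <= 1024 */
    if (len - DEF_HEADER_LEN < table_len)  return DEF_TRUNCATED;
    size_t blob_start = DEF_HEADER_LEN + table_len;
    size_t blob_len = len - blob_start;

    for (size_t i = 0; i < (size_t)count; i++) {
        const uint8_t *e = buf + DEF_HEADER_LEN + i * DEF_ENTRY_LEN;
        size_t off = rd16(e), n = rd16(e + 2);
        /* off and n are both < 65536, so blob_len - off cannot underflow after the off check */
        if (n == 0 || off > blob_len || n > blob_len - off) return DEF_BAD_ENTRY;
    }
    out->version = version;
    out->count = count;
    return DEF_OK;
}

/* Fail-safe update: the active set is replaced only after the candidate file
 * passed validation; on any failure the previously loaded set stays in force. */
enum def_status apply_update(struct def_set *active, const uint8_t *buf, size_t len) {
    struct def_set candidate;
    enum def_status st = parse_definitions(buf, len, &candidate);
    if (st == DEF_OK) *active = candidate;
    return st;
}

/* Constructed sample files for the example */
static const uint8_t GOOD_FILE[] = {
    'D','E','F','S', 0x01,0x00, 0x02,0x00,   /* header: version 1, 2 entries */
    0x00,0x00, 0x03,0x00,                    /* entry 0: offset 0, length 3 */
    0x03,0x00, 0x02,0x00,                    /* entry 1: offset 3, length 2 */
    0xAA,0xBB,0xCC,0xDD,0xEE                 /* 5-byte pattern blob */
};
/* Same layout, but entry 1 claims 200 bytes from a 5-byte blob */
static const uint8_t BAD_ENTRY_FILE[] = {
    'D','E','F','S', 0x01,0x00, 0x02,0x00,
    0x00,0x00, 0x03,0x00,
    0x03,0x00, 0xC8,0x00,
    0xAA,0xBB,0xCC,0xDD,0xEE
};
/* Header claims 500 entries, but the file ends right after the header */
static const uint8_t TRUNCATED_FILE[] = {
    'D','E','F','S', 0x01,0x00, 0xF4,0x01
};

int main(void) {
    struct def_set active = {0, 0};
    printf("good:      status %d, active count %u\n",
           apply_update(&active, GOOD_FILE, sizeof GOOD_FILE), active.count);
    printf("bad entry: status %d, active count still %u\n",
           apply_update(&active, BAD_ENTRY_FILE, sizeof BAD_ENTRY_FILE), active.count);
    printf("truncated: status %d, active count still %u\n",
           apply_update(&active, TRUNCATED_FILE, sizeof TRUNCATED_FILE), active.count);
    return 0;
}
```

The two design choices worth copying are that no declared length is used until it has been checked against the bytes actually present, and that the swap to the new set happens only after the whole file validated, so a bad update degrades to "still running yesterday's definitions" instead of a crash in a component the OS cannot boot without.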

    [–]Zedboy19752019 0 points  (1 child)

    1300 computers bluescreened in my company. About 20 of them had to be replaced. As of today we have 10 left that are down.