
Some Versions of VMware Carbon Black Cause BSODs on Windows


Servers and workstations running Windows began to fail in dozens of organizations around the world. The cause turned out to be a bug triggered by some versions of the Carbon Black security product from VMware.

Carbon Black, acquired by the company in 2019, is a suite of cloud-based endpoint security tools “aimed at strengthening corporate cybersecurity.”


The root of the problem affecting many companies lies in the rule set deployed on August 23, 2022 for Carbon Black Cloud Sensor versions 3.6.0.1979 – 3.8.0.398. This update causes devices to crash with a Blue Screen of Death (BSOD) on system startup, essentially rendering the machine completely unusable.

The BSOD problem surfaced on August 24, 2022, with threat hunter Tim Geschwindt stating on Twitter he knew of about 50 organizations struggling with the issue, and saying the Carbon Black endpoint solution was “causing blue screens of death for devices running sensor version 3.7.0.1253” (later expanded to a broader range of sensors), The Register journalists write.

The issue affects Windows 10 x64, Windows Server 2012 R2 x64, Windows Server 2016 x64, and Windows Server 2019 x64. On affected systems, the stop code shown may be “PFN_LIST_CORRUPT”.
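To find exposed endpoints in a fleet, the sensor version range and OS list above can be applied to an inventory export. The following is an added example, not code from VMware or the article's author; the CSV layout, hostnames and every version outside the stated range boundaries are constructed assumptions.

```python
import csv
import io

# Range and OS list come from the article; everything else is constructed.
AFFECTED_MIN = (3, 6, 0, 1979)
AFFECTED_MAX = (3, 8, 0, 398)
AFFECTED_OS = {
    "Windows 10 x64", "Windows Server 2012 R2 x64",
    "Windows Server 2016 x64", "Windows Server 2019 x64",
}

def parse_version(text):
    """Turn '3.7.0.1253' into (3, 7, 0, 1253); return None if malformed."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(sensor_version, os_name):
    """Return 'affected', 'review' or 'ok' for one endpoint."""
    version = parse_version(sensor_version)
    if version is None:
        return "review"  # unreadable version: check by hand
    # Compare numerically; comparing strings would misorder 3.10 and 3.8.
    if not (AFFECTED_MIN <= version <= AFFECTED_MAX):
        return "ok"
    # In-range sensor on an OS the article does not list: flag for review.
    return "affected" if os_name.strip() in AFFECTED_OS else "review"

def triage(inventory_csv):
    """Map hostname -> status for a CSV with hostname,sensor_version,os."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["hostname"]: classify(r["sensor_version"], r["os"]) for r in rows}

# Constructed sample inventory (hypothetical hosts and export format).
SAMPLE = """hostname,sensor_version,os
ws-001,3.7.0.1253,Windows 10 x64
srv-010,3.8.0.398,Windows Server 2019 x64
srv-011,3.8.0.399,Windows Server 2019 x64
ws-002,3.5.0.1801,Windows 10 x64
ws-003,3.10.0.100,Windows 10 x64
ws-004,3.6.0.1979,Windows 11 x64
ws-005,unknown,Windows 10 x64
"""

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```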


On Reddit, administrators complain that some of them are experiencing BSODs on 500 or more endpoints at the same time.

VMware representatives have already confirmed the problem. They write that “an updated Threat Research rule set has been rolled out to Prod01, Prod02, ProdEU, ProdSYD and ProdNRT after internal testing showed no signs of issues.” The company is currently investigating the bug and working with affected customers, and the new rule set is being rolled back to quickly fix the problem.

Additionally, as a temporary workaround, VMware suggests putting sensors into Bypass mode via the Carbon Black Cloud console. This will allow affected devices to boot, after which administrators can remove the bugged rule set.

About The Author
Vladimir Krasnogolovy