
Even if true, the orgs whose machines they are have the responsibility to validate patches.


This is not a patch per se, it was Crowdstrike updating their virus definition or whatever it's called internal database.

Such things are usually enabled by default to auto-update, because otherwise you lose a big part of the interest (if there's any) of running an antivirus.


Surely there should be at least some staging on update files as well, to avoid the "oops, we accidentally blacklisted explorer.exe" type things (or, indeed, this)?


Companies have staging and test process but CS bypassed it and deployed to prod.


If I understand the thread correctly, CS bypassed the organization's staging system.


I'm guessing there's a lesson to be learned here.



