by benfortuna 703 days ago
Keep in mind they don't just allow any old code to execute in the kernel.

They do have rigorous tests (WHQL), it's just Crowdstrike decided that was too burdensome for their frequent updates, and decided to inject code from config files (thus bypassing the control).

The fault here is entirely with Crowdstrike.


Is there any evidence that the config files had arbitrary code in them? The only analysis I'd seen so far indicated a parsing error loading a viral signature database that was routinely updated, but in this case was full of garbage data.
Perhaps not verified, but some smart people do have convincing arguments:

https://youtu.be/wAzEJxOo1ts?si=UNNxAN27VV1E6mcP&t=505

Any article/blog/text-that-can-be-read?
Don't bother. He just repeats a tweet saying it was a null+offset dereference, and also the speculation that the null was picked up from the sys file.
How rigorous are the tests if faulty data can brick the machine?
Not rigorous enough to have detected this flaw in the kernel sensor, although effectively any bug in this situation (an AV driver) can brick a machine. I imagine WHQL isn't able to find every possible bug in a driver you submit to them; they're not your QA team.
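The thread's point that privileged code must survive a garbage data file, as an added example (not code from the thread or from any vendor): a small C loader for a constructed, hypothetical signature-file layout (a count, an offset table, NUL-terminated strings) that checks every offset against the file bounds before dereferencing it, so zero-filled, truncated or oversized input returns an error instead of a wild read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed file layout (an assumption for illustration, NOT any vendor's real
 * format): uint32 count, then `count` uint32 offsets, each pointing at a
 * NUL-terminated signature string later in the same file. */
typedef struct { const uint8_t *data; size_t len; } blob_t;

/* Decode a little-endian uint32 at `pos`, refusing to read past the end. */
static int read_u32(const blob_t *b, size_t pos, uint32_t *out) {
    if (pos > b->len || b->len - pos < 4) return 0;
    const uint8_t *p = b->data + pos;
    *out = (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    return 1;
}

/* Returns the number of signatures loaded, or -1 if the file is malformed.
 * No offset taken from the file is dereferenced until it has been checked
 * against the file bounds, so garbage (zeros, truncation, huge counts)
 * yields an error return rather than a pointer into unmapped memory. */
int load_signatures(const blob_t *b, const char **sigs, size_t max_sigs) {
    uint32_t count;
    if (!read_u32(b, 0, &count) || count > max_sigs) return -1;
    size_t table_end = 4 + (size_t)count * 4;           /* first byte after the offset table */
    for (uint32_t i = 0; i < count; i++) {
        uint32_t off;
        if (!read_u32(b, 4 + (size_t)i * 4, &off)) return -1;
        if (off < table_end || off >= b->len) return -1;            /* must land in the string area */
        if (!memchr(b->data + off, '\0', b->len - off)) return -1;  /* string must end in-bounds */
        sigs[i] = (const char *)(b->data + off);
    }
    return (int)count;
}

/* Constructed sample inputs. */
static const uint8_t GOOD[] = { 2,0,0,0, 12,0,0,0, 16,0,0,0, 'A','B','C',0, 'D','E',0 };
static const uint8_t ZEROS[16] = { 0 };                 /* all-zero file: empty table, 0 loaded */
static const uint8_t BAD_OFF[] = { 1,0,0,0, 0,0,0,0 };  /* nonzero count, offset into the header */
static const uint8_t HUGE[] = { 0xff,0xff,0xff,0xff };  /* absurd count, and truncated anyway */

int main(void) {
    const char *sigs[8];
    blob_t good = { GOOD, sizeof GOOD }, zeros = { ZEROS, sizeof ZEROS };
    blob_t bad_off = { BAD_OFF, sizeof BAD_OFF }, huge = { HUGE, sizeof HUGE };
    printf("good: %d\n", load_signatures(&good, sigs, 8));          /* 2 */
    printf("zeros: %d\n", load_signatures(&zeros, sigs, 8));        /* 0 */
    printf("bad offset: %d\n", load_signatures(&bad_off, sigs, 8)); /* -1 */
    printf("huge count: %d\n", load_signatures(&huge, sigs, 8));    /* -1 */
    return 0;
}
```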