First off, I was surprised when I got up about the reach of this through South Africa, Australia and New Zealand.
It’s shocking how nobody stages anything, just rolls directly to production. I know this is CI/Agile, so expect more of this, not less.
Next is the file everyone is crying to reboot into safe mode to delete. It’s all zeros. Not a valid device driver. Not a valid anything.
How is it getting loaded??
Looking at the stack trace I found on Twitter, the driver csagent is faulting. Is it actually binary loading a blob into kernel space and executing it, bypassing all checks for valid/signed code by the kernel?
I hope I’m wrong or this is like I can’t even.
Time will tell.