Security researchers at SEC Consult uncovered a vulnerability in CrowdStrike's Falcon Sensor, named 'Sleeping Beauty,' that let attackers bypass detection mechanisms and execute malicious applications. Attackers could suspend EDR processes to evade detection once they obtained SYSTEM permissions on Windows, using Process Explorer to suspend Falcon processes. Though CrowdStrike initially did not consider it a security vulnerability, the issue allowed the execution of typically blocked malicious tools. Eventually, CrowdStrike corrected the flaw by preventing process suspension, acknowledging the oversight after researchers discovered the change.
Source: https://cybersecuritynews.com/researchers-bypassed-crowdstrike-falcon-sensor/
"id": "cro404030625",
"linkid": "crowdstrike",
"type": "Vulnerability",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"