Security researchers at SEC Consult uncovered a vulnerability in CrowdStrike's Falcon Sensor, named 'Sleeping Beauty,' that let attackers bypass detection mechanisms and execute malicious applications. Once attackers had obtained SYSTEM permissions on Windows, they could use Process Explorer to suspend the Falcon EDR processes and evade detection. CrowdStrike initially did not consider this a security vulnerability, although the issue allowed the execution of malicious tools that are typically blocked. CrowdStrike eventually corrected the flaw by preventing process suspension, and acknowledged the oversight after the researchers discovered the change.
Source: https://cybersecuritynews.com/researchers-bypassed-crowdstrike-falcon-sensor/
TPRM report: https://scoringcyber.rankiteo.com/company/crowdstrike
"id": "cro404030625",
"linkid": "crowdstrike",
"type": "Vulnerability",
"date": "3/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Cybersecurity',
'name': 'CrowdStrike',
'type': 'Company'}],
'attack_vector': 'Process Suspension',
'impact': {'systems_affected': ['Falcon Sensor']},
'motivation': 'Bypass Detection Mechanisms',
'response': {'remediation_measures': ['Preventing process suspension']},
'title': "Sleeping Beauty Vulnerability in CrowdStrike's Falcon Sensor",
'type': 'Vulnerability Exploitation',
'vulnerability_exploited': 'Sleeping Beauty'}