former FBI "credentials" do not guarantee technical, or even business operational, level of competence. the officers of klownstrike are not at all suspected by me of any malicious intent; but, arrogance (dissembling CYA humility in PR only), hubris ("we've been doing it this way for years," an on-air klown quote) & object incompetence (biz-op).
constantly updated parameter files, picked up kernel-mode ANYTHING, have to always be sanity checked against kernel-panic failure. checked, before issuance at their "source," & double-checked, on the "client" side, prior to actual kernel load. frequency of update is no excuse for not doing these things. auto-rollback is also required for klownstrike fail-safe. on all counts, these klowns failed.
whether the klowns make any significant & effective changes or not...
i am not debating whether or not kernel-mode, but M$ has never exercised adequate & proper control over access to & participation in it. malicious drivers? rootkits? heck yeah.
enterprise klown clients aren't completely off the hook in this, either. legally validated/certified biz operations require validated/certified/monitored/actively remediated IT systems.
no enterprises i know of or work with internally pre-validate all patches/updates prior to placement into production. no longer funded/staffed for that in our just-in-time world.
but enterprises that do follow my advice, execute staggered rollouts of batched updates/patches into production. prioritizing well version controlled VMs as earliest adopters, they are observed for success or fail to full production boot. if fail full production boot, then freeze/block updates/patches & rollback to last known good. on 1st success, then internally serve boot-validated updates/patches to the next enterprise segment (VM silo, biz/op silo, geo region - any reasonable segmentation will do) observe & so on. never everything, everywhere, all at once.
every update, everywhere, all at once, 24x365 is a business policy/operational/governance failure. much larger & far worse than individual klown strikes. EEAAO24x365 appears to be globally on par for client enterprise practice. who's responsible for that? who's questioning this?
the world was never completely at the mercy of only a klown strike. we allowed completely unmanaged & unconscionably brittle updates to deliver a globally showstopping sucker punch. "we" dared any klown to deliver a sucker punch.
this is not off topic, even though it fully exceeds "IT."
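
The staggered rollout described in the comment above (earliest adopters first, observe full production boot, freeze and roll back on failure, promote on success), sketched as an added example that is not part of the original comment. Segment names, host names, version strings and the `boots_ok` observation hook are all constructed for illustration; leaving already-promoted segments on the new version is an assumption.

```python
# Added example: staged rollout gate. All names and sample data are constructed.

def staged_rollout(segments, update, last_known_good, boots_ok):
    """Push `update` one segment at a time, in dict order (earliest adopters first).

    segments: {segment_name: {host: installed_version}}, mutated in place.
    boots_ok(host, version) -> bool is the observation step: did the host
    reach full production boot on that version?
    Returns (status, log), status being "complete" or "frozen".
    """
    log = []
    for name, hosts in segments.items():
        for host in hosts:
            hosts[host] = update                      # serve update to this segment only
        failed = [h for h in hosts if not boots_ok(h, update)]
        if failed:
            # Freeze: roll this segment back to last known good and stop.
            # Later segments never received the update; earlier segments
            # passed their boot check and are left as-is (assumption).
            for host in hosts:
                hosts[host] = last_known_good
            log.append((name, "rolled_back", failed))
            return "frozen", log
        log.append((name, "promoted", []))            # boot-validated, move on
    return "complete", log


def demo():
    # Constructed fleet: version-controlled VMs first, then a business silo,
    # then a geographic region.
    segments = {
        "canary-vms": {"vm-01": "v41", "vm-02": "v41"},
        "biz-silo-a": {"app-01": "v41", "app-02": "v41"},
        "geo-emea": {"eu-01": "v41", "eu-02": "v41"},
    }

    # Constructed observation: app-02 fails to boot on v42.
    def boots_ok(host, version):
        return not (host == "app-02" and version == "v42")

    status, log = staged_rollout(segments, "v42", "v41", boots_ok)
    return status, log, segments


if __name__ == "__main__":
    status, log, segments = demo()
    print(status, log, segments, sep="\n")
```
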