VMware Carbon Black bug crashes a bunch of Windows PCs, servers

A bug in VMware’s Carbon Black endpoint security solution crashed numerous enterprise servers and workstations, the company has confirmed.

More than 50 organizations have so far reported experiencing the Blue Screen of Death (BSOD), and suspect Carbon Black to be at the core of the issue.

The root of the problem appears to be a ruleset that VMware deployed to its Cloud Sensor earlier this week. The ruleset, 3.6.0.1979 - 3.8.0.398, is what seems to have caused the crashes. Apparently, users running Windows 10 x64, Server 2012 R2 x64, and Server 2019 x64 were affected.

Conflict

“VMware Carbon Black is aware of an issue affecting a limited number of customer endpoints, where certain older sensor versions were impacted by an update of our behavioral preventative capabilities,” the company said in a statement. “The issue has been identified and corrected, and VMware Carbon Black is working with impacted customers.”

Further investigation uncovered a conflict between Carbon Black and AV signature pack 8.19.22.224. 

Publishing a security advisory in the aftermath, VMware explained how “an updated Threat Research ruleset was rolled out to Prod01, Prod02, ProdEU, ProdSYD, and ProdNRT after internal testing showed no signs of issues.” The ruleset has since been rolled back, and deeper analysis is currently underway, the company added.

To organizations that can’t wait for a fix, VMware recommended putting sensors into Bypass mode via Carbon Black Cloud Console, as that allows users to boot the devices and roll back the broken ruleset. 

However, the fix doesn’t seem to be working for everyone. Almost 24 hours later, one user commented “still affected - around a dozen endpoints have not recovered, hands seem tied,” further adding that the bypass was applied. “Reboot into safe mode with networking and wait a %undefined time% period. Reboot and see if fixed. Some are - some are not. Repeat & Try again.”

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
