DIGISOC®

CrowdStrike update failure affects thousands of systems globally

1. The failure occurred after a faulty update to a widely used cybersecurity program from CrowdStrike brought down Microsoft systems.

2. For those already affected, the solution involves manually deleting the faulty file from Safe Mode or Windows Recovery Environment.


In an unprecedented event, a recent update to CrowdStrike Falcon security software triggered global chaos by crashing Windows systems, impacting critical organizations around the world such as airports, television stations, and hospitals. The outage, which began in the early hours of Friday, July 19, 2024, left many organizations without access to critical threat detection and response tools, as numerous devices running Microsoft's Windows operating system began to experience errors and show the Blue Screen of Death (BSOD).


This outage affected multiple sectors, including banks, airports, television stations and hotels, leading to reports of problems in Australia, followed by similar reports from the United Kingdom, India, Germany, the Netherlands and the United States.

Blue Screen of Death or Windows Blue Screen of Death

The outage, which began at 8:00 AM GMT, affected CrowdStrike's Falcon platform, preventing user organizations from receiving real-time threat alerts and automated incident responses. The outage lasted approximately six hours, during which many businesses were exposed to potential cyber attacks without adequate protection.


Response from CrowdStrike


CrowdStrike, through its CEO George Kurtz, assured on Friday (07/19/2024) that its engineers had resolved the problem that caused the global failure in Microsoft systems, while indicating that it may take time for some customers to return to normal operation.


Global repercussions


The outage has sparked concern in the business and cybersecurity community, as many organizations found themselves exposed during the downtime. "These types of outages underscore the importance of having robust backup strategies," said one security analyst. "When you rely so much on a single supplier, any disruption can have significant consequences." For example, almost 1,400 flights have been canceled and many others delayed.


In fact, CrowdStrike shares fell 14% in the first hours of the outage. Microsoft shares also fell, as did those of companies in the tourism and travel sector, which have been the most affected so far.


Who is CrowdStrike?


CrowdStrike is a cybersecurity company founded in 2011, providing cloud-based solutions. It specializes in cyber threat detection and response, threat intelligence, and endpoint protection. Its core platform, Falcon, uses artificial intelligence and machine learning to detect and prevent threats in real time. It is headquartered in Austin, Texas, employs nearly 8,500 people, and has been listed on the Nasdaq stock exchange since 2019.


CrowdStrike Falcon was the first intelligent, cloud-native, multi-tenant security solution capable of protecting workloads in on-premises, virtualized, and cloud-based environments running on a variety of endpoints, including laptops, desktops, servers, virtual machines, and Internet of Things devices.


Recommendations:


To minimize risks, the following steps are recommended:

  • Start Windows in Safe Mode or Windows Recovery Environment.

  • Navigate to the C:\Windows\System32\drivers\CrowdStrike directory in Explorer.

  • Locate the file “C-00000291-00000000-00000032.sys”, right-click it and rename it to “C-00000291-00000000-00000032.renamed” (the version suffix may differ on your host); alternatively, locate the file matching “C-00000291*.sys” and delete it.

  • Boot the host normally.


For Azure environments:


  • Sign in to the Azure console --> Go to Virtual Machines --> Select the VM.

  • At the top left of the console --> Click "Connect" --> Click "More ways to connect" --> Click "Serial console".

  • Once SAC has loaded, type 'cmd' and press Enter to create a command channel, then type 'ch -si 1' to switch to that channel.

  • Press any key (space bar). Enter administrator credentials.

  • Type one of the following: bcdedit /set {current} safeboot minimal, or bcdedit /set {current} safeboot network.

  • Restart the virtual machine.
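One way to script the rename step from the recommendations above, written as an added example for this post (it is not CrowdStrike's own tooling). The $SystemDrive parameter is an assumption added to cover WinRE sessions where the OS volume is not mounted as C:, and the wildcard handles the per-host version suffix the post mentions.

```powershell
# Added example: quarantine the faulty CrowdStrike channel file (C-00000291*.sys).
# Run from an elevated prompt in Safe Mode or WinRE. The -SystemDrive parameter is
# an assumption for WinRE, where the Windows volume may carry a different letter.
param(
    [string]$SystemDrive = 'C:',
    [switch]$WhatIf
)

$driverDir = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
if (-not (Test-Path $driverDir)) {
    throw "CrowdStrike driver directory not found at $driverDir (wrong drive letter?)"
}

# Match only channel file 291, not every file in the directory.
$channelFiles = Get-ChildItem -Path $driverDir -Filter 'C-00000291*.sys' -File
if (-not $channelFiles) {
    Write-Output "No C-00000291*.sys file present in $driverDir; nothing to do."
    return
}

foreach ($file in $channelFiles) {
    # Rename instead of delete so the file is preserved for later analysis.
    $newName = $file.Name -replace '\.sys$', '.renamed'
    Write-Output "Renaming $($file.FullName) -> $newName"
    Rename-Item -Path $file.FullName -NewName $newName -WhatIf:$WhatIf
}

# If the host was forced into Safe Mode with bcdedit (see the Azure steps above),
# clear that setting afterwards so the next reboot is a normal one:
#   bcdedit /deletevalue {current} safeboot
```

Run it once with -WhatIf to confirm which files would be renamed before making changes.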



