CrowdStrike update epic fail crashed Windows systems worldwide
July 19, 2024
Windows machines worldwide displayed BSoD screen following a faulty update pushed out by cybersecurity firm CrowdStrike.
A faulty update released by CrowdStrike Falcon is causing Windows systems to display a BSoD screen. The incident is causing widespread global disruptions, impacting critical infrastructure such as airports, hospitals, and TV stations.
The company confirmed that the incident was not a cyber attack.
“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.” reads the statement published by the cybersecurity firm. “The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.”
The cybersecurity firm declared that it is aware of reports of crashes on Windows hosts related to the Falcon Sensor, it also added that they have identified and fixed the problem.
The company states that they have identified the content deployment related to this issue and reverted those changes.
The popular cybersecurity expert Kevin Beaumont announced it had analyzed the Crowdstrike driver that caused the problem and discovered it isn’t a validly formatted driver.
He published an interesting discussion on Mastodon.
Below are the workaround steps provided by the company.
- Boot Windows into Safe Mode or the Windows Recovery Environment
- Navigate to the C:WindowsSystem32driversCrowdStrike directory
- Locate the file matching “C-00000291*.sys”, and delete it.
- Boot the host normally.
“We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels.” continues the company. “Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”
IT giants Google and Microsoft were also impacted by the incident, virtual machines using the CrowdStrike agent experienced serious problems.
The BBC is publishing continuous real-time updates on the incident.
Despite Crowdstrike claims to have solved the issue, large organizations will face manual recovery of the impacted systems. The next few days will be very hard for these organizations.
Pierluigi Paganini
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Crowdstrike)