date 2019-07-24
from the fortunately-we-don't-run-windows dept.
Breaking: CrowdStrike code update bricking Windows machines around the world
UPDATED An update to a product from infosec vendor CrowdStrike is bricking computers running Windows.
The Register has found numerous accounts of Windows 10 PCs crashing, displaying the Blue Screen of Death, then being unable to reboot.
"We're seeing BSOD Org wide that are being caused by csagent.sys, and it's taking down critical services. I'll open a ticket, but this is a big deal," wrote one user.
Forums report that CrowdStrike has issued an advisory with a URL that includes the text "Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19" – but it's behind a regwall that only customers can access.
An apparent screenshot of that article reads "CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor. Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor."
CrowdStrike's engineers are working on the issue.
Falcon Sensor is an agent that CrowdStrike claims "blocks attacks on your systems while capturing and recording activity as it happens to detect threats fast."
Right now, however, the sensor appears to be the threat.
This is a developing story and The Register will update it as new info comes to hand. ®
Updated at 0730 UTC to add Brody Nisbet, CrowdStrike's chief threat hunter, has confirmed the issue and on X posted the following:
There is a faulty channel file, so not quite an update. There is a workaround...
1. Boot Windows into Safe Mode or WRE.
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Locate and delete file matching "C-00000291*.sys"
4. Boot normally.
In a later post he wrote "That workaround won't help everyone though and I've no further actionable help to provide at the minute".
More to come as the situation evolves ...
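The workaround quoted above, scripted for an elevated PowerShell session in Safe Mode, as an added example (not code from CrowdStrike, The Register or the original post). The directory and file pattern are the ones given in the post; the script name and parameter names are assumptions. It records each matching file's size, timestamp and SHA-256 before deleting, so there is a record of what was removed.

```powershell
# Remove-ChannelFile.ps1 (hypothetical name) - added example, not vendor code.
# Run elevated in Safe Mode. Use -WhatIf for a dry run that deletes nothing.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Defaults are the path and pattern stated in the workaround.
    [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
    [string]$Pattern   = 'C-00000291*.sys'
)

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Warning "Directory not found: $DriverDir"
    return
}

# -File excludes directories; no -Recurse, so only this folder is searched.
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No file matching $Pattern in $DriverDir; nothing to delete."
    return
}

# Record what matched before anything is removed.
$record = foreach ($f in $targets) {
    [pscustomobject]@{
        Name         = $f.Name
        Bytes        = $f.Length
        LastWriteUtc = $f.LastWriteTimeUtc
        SHA256       = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}
$record | Format-List | Out-Host

foreach ($f in $targets) {
    # ShouldProcess honours -WhatIf and prompts for confirmation by default.
    if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete channel file')) {
        Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
    }
}

# Verify the result (after a -WhatIf run the files are, correctly, still there).
$left = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
if ($left.Count -eq 0) { Write-Output 'All matching files removed; boot normally.' }
else { Write-Warning "$($left.Count) matching file(s) still present." }
```

Running it once with `-WhatIf` shows the matched files and their hashes without deleting anything.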
In Australia, CrowdStrike IT outage hits airports, banks, supermarkets as emergency committee meets
A major network outage has affected several Australian institutions and businesses, including multiple airports, the Commonwealth Bank, Optus, Australia Post and Woolworths.
Major Global IT Outage Grounds Planes and Blocks Media Worldwide
Airports and other key infrastructure sites around the world have reported disruptions amid problems with communications:
Disruption to air traffic control systems is being reported around the world. Preliminary reports say a computer glitch may be causing the problem. Issues have arisen in the US, Spain, Germany, Australia, and elsewhere, with authorities forced to cancel takeoffs and landings due to safety concerns.
The outage was first reported about midnight CET on Thursday night/Friday.
The failure may have been caused by a software update that locks Microsoft operating systems and is reportedly not restricted to airlines. Some banks, emergency services, broadcasters, and financial institutions are also said to have been affected.
Computers using Windows 10 OS are reportedly crashing and showing "the blue screen of death" (BSOD) after an update for a security product provided by the firm CrowdStrike. The company is reportedly working on resolving the issue.
Brody Nisbet, CrowdStrike's chief threat hunter, has offered a workaround to deal with what he called a "faulty channel file" related to the Falcon Sensor cybersecurity app.
(Score: 3, Informative) by DannyB on Friday July 19, @03:38PM
One database server, two application servers.
Anyone else affected?
My applications, written in Java, could run just fine on Linux. And Microsoft SQL Server can run on Linux. But I don't make those decisions to use Windows.
I have internally demoed one of my applications running on Linux years past just to show that it actually works -- to the amazement of programmers deeply embedded in Microsoft tech up to their necks.
Trump is a poor man's idea of a rich man, a weak man's idea of a strong man, and a stupid man's idea of a smart man.
(Score: 3, Interesting) by DannyB on Friday July 19, @03:43PM (3 children)
The software flaw in the CrowdStrike software update was probably created by one single individual somewhere. A simple error made unintentionally caused such widespread outages on a worldwide scale.
Kind of makes you realize how brittle everything actually is.
(Score: 2) by ikanreed on Friday July 19, @03:48PM (2 children)
I mean, I've never heard of CrowdStrike actually saving anyone from attacks.
So, to me, this reads as an object lesson in not buying expensive corporate bloatware, because of the promises it makes.
(Score: 2) by EJ on Friday July 19, @03:53PM
Why would you hear about an attack that didn't happen?
It's only news when SHTF.
(Score: 2) by DannyB on Friday July 19, @03:56PM
Just saw on ArsTechnica, costs, so far, estimated at $24 billion. Probably will be dozens of billions when the blue screen dust settles.
Remember all the claims: Microsoft products have a lower total cost of ownership.
What a way to wake up to an exciting Friday morning with notifications of applications being down.
(Score: 4, Touché) by Rosco P. Coltrane on Friday July 19, @03:51PM
