CrowdStrike is on everyone's lips today due to the major outage affecting tons of Windows devices out there. I hope everyone affected by the situation is alright out there (whether you are a technical person scrambling to fix stuff or just someone who can't go on holiday as planned). If you want a summary of what the heck is happening, I've tried to compile everything about the situation as I know it here:
https://lnkd.in/eYsbaQZG
Nicely written and summarized. There are a couple of interesting angles to this severe breakdown across so many services and companies. I for sure will listen carefully to my favorite Security Information podcasts the next couple of weeks.
If you see the blue screen on your system, that is definitely coz of the update pushed by CrowdStrike (if you use CrowdStrike).
Here's how you can fix it:
• Boot Windows into Safe Mode or Windows recovery manager
• Navigate to the C:\Windows\System32\drivers\CrowdStrike directory in Explorer
• Locate the “C-00000291-00000000-00000032.sys” file, and delete it.
• Boot the host normally.
#Crowdstrike #Microsoft #Windows #BusinessFailure
The TeachMeCyber Guy | CISO, Advisor, Speaker, Mentor
Crowdstrike and Microsoft are angry at each other and it's bricking Windows systems...
If you're at an airport, like I am, you might be seeing a lot of this today...
The root cause appears to be a bad Crowdstrike update that digested as well as old gas station sushi.
Expect a turbulent day as many businesses struggle to figure out how to get their systems operational.
Good luck to all the companies and customers impacted.
IT Support & Digital Media Specialist | Database Administrator | UX Designer | Cybersecurity Analyst | Data-Driven Problem Solver | Team Leader in Innovative Tech Projects
Even if it's not an attack, we can say it is a security issue because availability is one of the three elements of Information Security (CIA).
We should have Plan A, Plan B, and Plan C to mitigate any security issues as soon as possible based on the priority and risk level of the impact.
To all my friends waking up with the CrowdStrike blue screen boot loop this morning, I'm sorry about your weekend and week ahead. If you can't get to your email or systems but see LinkedIn on your phone, as far as I'm aware, here are the official fix guidelines so far:
1. Boot Windows into Safe Mode or the Windows Recovery Environment
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
3. Locate the file matching “C-00000291*.sys”, and delete it.
4. Boot the host normally.
I don't guarantee this advice in any way, but it's what I've seen coming out in my channels and if it helps one company get back up and running, I'm happy to share it. Maybe someone in my network can confirm!
If I can assist you somehow, please let me know!
https://lnkd.in/etgY3Zri
It's going to be a long day for IT specialists! Crowdstrike's new update has resulted in the infamous BSOD (blue screen of death) for many users, halting business operations and even major airline traffic. Fortunately, the company has already devised steps to resolve this yourself. Keep in mind this resolution is aimed at personal computers, as businesses that encrypted their drives with tools like BitLocker will have extra hoops to jump through.
https://lnkd.in/gpjqgC_p
Here is a link to USPTO management's status update in response to CrowdStrike's Blue Screen of Death.
https://ibb.co/3CM9x21
More than 7,000 USPTO employees are estimated to have been affected. IT service desk queue is overwhelmed, with 3 1/2 hour average wait times.
Examiners within 50 miles of HQ or a regional office are considering whether they can return to the office to work in person or get their computer fixed on site, while others have concerns that they will need to ship laptops back for repair.
Prior to the ~9% pay raise, each hour of patent examining time cost about one million dollars.
https://lnkd.in/g8XEyHxC
https://lnkd.in/eXWqNTRp
Here is an article on how to resolve the blue screen issue present from the latest issues with CrowdStrike. It will be updated throughout the day, and our CyberHero team is here to help 24/7/365 for any of our affected ThreatLocker partners that utilize CrowdStrike!
Crashes on Windows hosts related to Falcon sensors: what happened yesterday?
Issues:
Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor
A recent update to the CrowdStrike Falcon sensor caused crashes on Windows hosts.
These crashes manifested as blue screen errors (BSOD).
Impact:
This issue potentially affected a significant number of Windows machines protected by CrowdStrike Falcon.
Users might have experienced system downtime or data loss due to unexpected crashes.
CrowdStrike's Response:
CrowdStrike quickly identified the issue and acknowledged it via a Tech Alert (https://lnkd.in/d_T34PxV).
They confirmed that the problem originated with a faulty content update and was not a security incident.
CrowdStrike released a fix and advised users to either reboot their systems or follow the manual workaround instructions provided in the Tech Alert.
Current Status:
The problematic update has been reverted, and new Windows installations won't be affected.
Users who haven't rebooted their systems since July 19th are still at risk of crashes.
Recommendations:
If you're using CrowdStrike Falcon on Windows and haven't rebooted since yesterday, it's crucial to restart your machines to ensure they receive the fixed update.
Consider implementing automated system restarts to prevent similar issues in the future.
Additional Resources:
CrowdStrike Tech Alert: https://lnkd.in/d_T34PxV
News Articles (might be behind paywalls): You can search for news articles mentioning "CrowdStrike", "Falcon sensor", and "Windows crashes" to find more information.
Alternative Security Solutions:
Consider exploring alternative security solutions with more robust update and testing procedures.
Cloud-Based Solutions: Cloud-based security solutions might offer centralized management and potentially less risk of update-related issues on individual machines.
Ready to kickstart your journey? Share your favorite learning resources, ask questions, and connect with like-minded individuals below! Let's empower each other on this exciting adventure! 👇
Best regards,
Subash Iyyappan 😊
#bluescreenerror #windows #crowdstrike
As we now look back on the global IT outage caused by CrowdStrike and listen to all the so-called experts on TV news, people have forgotten about the days of Windows XP and the like, where blue death screens had become a weekly norm.🫣
Things have changed a lot since then.
Crowdstrike are still one of the most reputable and trusted providers of security services so will be interesting to see how they bounce back.
https://lnkd.in/eCnTeYTN
CrowdStrike / We finally know what caused the global tech outage - and how much it cost
https://lnkd.in/d_YxmYd4
"The outage may have cost Fortune 500 companies as much as $5.4 billion in revenues and gross profit, not counting any secondary losses that may be attributed to lost productivity or reputational damage."
"The bad release was published just after midnight Eastern time on July 19...
... It was rolled back an hour and a half later, at 1:27 a.m. Eastern time.
... But by then millions of computers had already automatically downloaded the faulty update.
The issue affected only Windows devices, ... and only those that were switched on and able to receive updates during those early morning hours."
"Thanks to the timing of the incident, organizations in Europe and Asia “had more of their work day affected by the outage, unlike the Americas."
CrowdStrike said it also plans to move to a staggered approach to releasing content updates so that not everyone receives the same update at once, and to give customers more fine-grained control over when the updates are installed.
Doug sums it up well, but life is never simple....
Depending on others and their technology is unavoidable in modern society, so there's no fault there. Crowdstrike provide a high-value security service that makes sense for others to use and depend upon, so being involved in this issue isn't necessarily a bad sign. Simply failing on and continuing to provide service in the event of a problem with the endpoint security mechanism would be a terrible idea. For Crowdstrike to have issues also isn't necessarily a bad sign given some of the bad actors at play these days (yes I'm looking at you: adversary state sponsored actors trying to disrupt society), depending on whether this is driven by an attack or an error.
Nonetheless, in this case there are apparently questions to be asked about Crowdstrike's canarying, the provision they offer for customers to stage the rollout of upgrades, and the use of such mechanisms (if any) by those customers.
The post-mortem will hopefully make interesting reading.
[I know "everyone" is posting about this issue today ... my "justification" for joining in and sharing my (limited) perspective is given in a comment]
Companies who are down because of the Crowdstrike update debacle need to take a good long look at themselves.
We've known for literally decades that updates to production systems need to be canaried, otherwise you're letting someone else run your computers.