SBS CyberSecurity’s Post

For those dealing with or wanting to know more about the #CrowdStrike #outage today, we've got a fresh blog post with info about who's affected (generally) and how to recover! We hope it helps! #sbscyber #sbs #security #cybersecurity #technology #blog

Bad CrowdStrike Update Linked to Major IT Outages Worldwide: Organizations worldwide are reporting major outages due to Windows system crashes caused by a bad CrowdStrike update. The post Bad CrowdStrike Update Linked to Major IT Outages Worldwide appeared first on SecurityWeek.

My Thoughts on today’s outage (with my extensive experience on Windows Kernel Driver) –  Today’s Outage happened due to a driver in Windows OS (allegedly provided by CrowdStrike). It is a kernel mode driver, which becomes part of OS when OS boots or loaded manually. Since cybersecurity is a intermediate protocol driver (and not a low layer hardware device driver), most probably the issue will be related to accessing an unhandled exception such as NULL pointer, happens due to accessing a memory that was not allocated or previously freed. One simple example is accessing the “Next” pointer in a Link List but not checking the condition whether it is NULL. When such error happens in Kernel, it crashes the OS, and you see the BSOD (Blue Screen of Death). How to recover -  1.⁠ ⁠Boot Windows into Safe Mode or the Windows Recovery Environment. 2.⁠ ⁠Navigate to the C:\Windows\System32\drivers\CrowdStrike directory. 3.⁠ ⁠Locate the file matching C-00000291*.sys and rename it 4.⁠ ⁠Boot the host normally.

Security firm CrowdStrike has posted a preliminary post-incident report about the botched update to its Falcon security software that caused as many as 8.5 million Windows PCs to crash over the weekend, delaying flights, disrupting emergency response systems, and generally wreaking havoc. The detailed post explains exactly what happened: At just after midnight Eastern time, CrowdStrike deployed "a content configuration update" to allow its software to "gather telemetry on possible novel threat techniques." CrowdStrike says that these Rapid Response Content updates are tested before being deployed, and one of the steps involves checking updates using something called the Content Validator. In this case, "a bug in the Content Validator" failed to detect "problematic content data" in the update responsible for the crashing systems. #crowdstrike https://lnkd.in/gCY9AhrD

BSOD due to crowstrike. ALERT: Attention all users! There has been a global issue with Blue Screen crashes following recent Windows and CrowdStrike updates. This situation is currently under investigation. Users are advised to refrain from updating their systems and consider alternative operating systems until further notice. Update1: rename the crowdstrike folder c:\windows\system32\drivers\crowstrike to something else. Update2: or Delete any file with name c-00000291*.sys at c:\windows\system32\drivers\crowstrike

((( We are here to help ))) We know the impact is being felt far and wide. Crowdstrike Windows Outage: Guidance for Organizations Affected https://lnkd.in/evQGyFmt Armis is helping affected customers and organizations streamline the process of getting back to normal operations following the Crowdstrike Windows outage. Steps to 1. identify the impact, 2. prioritize critical assets and 3. remediate - can be found here: https://lnkd.in/evQGyFmt To further assist, Armis is waiving subscription fees for a limited period to Armis Centrix™ for VIPR - Prioritization and Remediation (https://lnkd.in/ezZfYWC2). Our proactive approach ensures continuous security operations, even when traditional security tools are compromised. If you need support in managing this incident, please reach out to your Customer Success Manager today. #WindsowsOutage #Crowdstrike #OperationalTechnology #Windows

For those affected by the recent IT outage due to crowdstrike update affecting windows based assets (BSOD). Here is a quick fix solution that has worked for many. Please use at your discretion. It seems to have worked for many. https://lnkd.in/eh-6uDw4

The Falcon Friday Fiasco: A Global IT Wake-Up Call On Friday, a routine update from Crowdstrike’s FALCON turned into a nightmare, triggering the Blue Screen of Death (BSOD) on computers across the globe. This incident exposed a glaring vulnerability in our IT infrastructure: our over-reliance on a single vendor. It wasn’t just a coding error or a human mistake; the real issue is much more BIGGER. Many of the world’s leading companies, including most of the Fortune 500, depend on the same security vendor. This creates a single point of failure that can have catastrophic consequences, as we saw with the FALCON update. The fact that one company had kernel access to so many critical systems should raise alarm bells. This level of dependency on a single vendor is a recipe for disaster. We need to rethink our approach to IT security and infrastructure, ensuring that we do not put all our eggs in one basket. It's time for companies to diversify their IT solutions and vendors to mitigate the risks associated with such concentrated power. The Falcon Friday incident should serve as a wake-up call for the entire industry to prioritize resilience and redundancy in their IT strategies. 🚫 Reminds me of Kaspersky ban in U.S. #crowdstrike #bsod

As a wave of IT disruption spreads across the world today, the #Windows & #CrowdStrike outage is a reminder of how quickly systems can become disrupted in our mega-connected world, and of the importance of having effective disaster recovery plans. How have you been affected? https://lnkd.in/dsuCjMrh #NavigatingRisk #CyberRisk #ClydeOne