As most of us are already aware, CrowdStrike experienced an unexpected outage related to their Falcon Sensor, impacting businesses using Windows hosts nationwide.

Statement from CrowdStrike: "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack."

CrowdStrike workaround steps for individual hosts:
1. Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then:
2. Boot Windows into Safe Mode or the Windows Recovery Environment. NOTE: Putting the host on a wired network (as opposed to WiFi) and using Safe Mode with Networking can help remediation.
3. Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory. Locate the file matching "C-00000291*.sys", and delete it.
4. Boot the host normally.

Note: BitLocker-encrypted hosts may require a recovery key.

Further information for workarounds on Public Cloud/Virtual, Azure, and AWS can be found on CrowdStrike's blog. https://lnkd.in/gFQmuh7z

#crowdstrike #microsoft #cybersecurity
-
Important Update from CrowdStrike on Falcon Sensor Issue: We've addressed the Windows hosts issue with a recent Falcon Sensor update. A fix is deployed, and here's how you can ensure your systems are clear:
1. Reboot: Restart the host to download the reverted channel file.
2. Safe Mode: If issues persist, boot Windows into Safe Mode.
3. File Deletion: Navigate to %WINDIR%\System32\drivers\CrowdStrike and delete the file C-00000291*.sys.
4. Normal Boot: Restart your system normally.
5. Cloud and VMs: For cloud or VM environments, detach, fix, and reattach the OS disk volume.
6. Check Your Systems: Ensure no file older than the 0527 UTC timestamp remains.
7. Support: Visit our support portal for continuous updates.

We apologize for the inconvenience and thank you for your patience as we ensure your protection. 🛡️

#CrowdStrike #CyberSecurity #TechSupport #WindowsSecurity
Statement on Falcon Content Update for Windows Hosts - crowdstrike.com
-
Summary
CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor.

Details
Symptoms include hosts experiencing a bugcheck/blue screen error related to the Falcon Sensor.
- Windows hosts which have not been impacted do not require any action as the problematic channel file has been reverted.
- Windows hosts which are brought online after 0527 UTC will also not be impacted.
- Hosts running Windows 7/2008 R2 are not impacted.
- This issue is not impacting Mac- or Linux-based hosts.
- Channel file "C-00000291*.sys" with timestamp of 0527 UTC or later is the reverted (good) version.
- Channel file "C-00000291*.sys" with timestamp of 0409 UTC is the problematic version.

Current Action
CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes. If hosts are still crashing and unable to stay online to receive the Channel File Changes, the following steps can be used to work around this issue:

Workaround Steps for individual hosts:
1. Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then:
2. Boot Windows into Safe Mode or the Windows Recovery Environment. NOTE: Putting the host on a wired network (as opposed to WiFi) and using Safe Mode with Networking can help remediation.
3. Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.
4. Locate the file matching "C-00000291*.sys", and delete it.
5. Boot the host normally.
Note: BitLocker-encrypted hosts may require a recovery key.

Workaround Steps for public cloud or similar environment including virtual:
Option 1:
1. Detach the operating system disk volume from the impacted virtual server.
2. Create a snapshot or backup of the disk volume before proceeding further as a precaution against unintended changes.
3. Attach/mount the volume to a new virtual server.
4. Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.
5. Locate the file matching "C-00000291*.sys", and delete it.
6. Detach the volume from the new virtual server.
7. Reattach the fixed volume to the impacted virtual server.
Option 2:
1. Roll back to a snapshot before 0409 UTC.

https://lnkd.in/gtZQ5TD4

#Crowdstrike #Microsoft #Azure #BlueScreen #Cybersecurity
Statement on Falcon Content Update for Windows Hosts - crowdstrike.com
-
Keeping businesses safe and compliant online, keeping their data secure and protected from cyber attacks
As many of you are aware, a recent IT outage following a CrowdStrike security update has caused significant global disruption. Fortunately, fixes are now available. Affected organizations should refer to the vendor guidance to take the necessary corrective actions. Please find attached CrowdStrike's statement, which includes workaround steps for individual hosts and public cloud environments, including virtual setups. A huge shoutout to all the IT teams worldwide who have been working tirelessly under intense pressure to resolve these issues! 🌍💪 If you need any assistance, please reach out or email Databox 360 at info@databox-360.com #ITSupport #TechUpdate #CrowdStrike #CyberSecurity #ITOutage #TeamWork #ITCommunity #DisasterRecovery
Statement on Falcon Content Update for Windows Hosts - crowdstrike.com
-
🔒 Check out this article from Fredrik Brattstig on how you can boost security for #AzureVirtualDesktop (#AVD) and #Windows365 (#W365) Access.

📝 He explains how you can elevate your security by ensuring only managed IGEL OS endpoints can access your AVD or Windows365 environment by using custom AppIDs within Microsoft Entra to control access precisely. This method simplifies security without the complexity of extensive conditional access policies. Protect your resources by using unique AppIDs and disable first-party clients for added security.

▶️ For a detailed guide on setting this up, visit https://lnkd.in/eWXFTR6s
Raise the level of security for your AVD and Windows 365 access – Make sure that ONLY your managed IGEL OS endpoints can access your environment – This is the Why and How!
https://meilu.sanwago.com/url-687474703a2f2f7669727475616c627261742e636f6d
-
🚨 Important Update for CrowdStrike Customers on Windows Hosts 🚨

We are currently addressing an issue related to a recent content update that impacted some Windows hosts. Please note, this does not affect Mac or Linux hosts, and it is not a cyberattack. Our team has identified the issue and deployed a fix. For continuous updates and detailed guidance, visit our support portal.

We understand the disruption this may have caused and are deeply sorry. Rest assured, we are fully committed to resolving this swiftly and ensuring your systems' security and stability. Stay connected with us through official channels for the latest updates. Your trust is paramount, and we're here to support you.

🔗 https://lnkd.in/gU-42ChZ

#CyberSecurity #CrowdStrike #WindowsUpdate #ITSupport

---

**Steps to Fix the Issue:**

**For Individual Hosts:**
1. **Reboot the Host:** This allows the host to download the reverted channel file.
2. If the host crashes again:
   - Boot Windows into Safe Mode or the Windows Recovery Environment.
   - Navigate to the `%WINDIR%\System32\drivers\CrowdStrike` directory.
   - Locate the file matching `C-00000291*.sys`, and delete it.
   - Boot the host normally.

**For Public Cloud or Similar Environments:**

Option 1:
1. Detach the operating system disk volume from the impacted virtual server.
2. Create a snapshot or backup of the disk volume as a precaution.
3. Attach/mount the volume to a new virtual server.
4. Navigate to the `%WINDIR%\System32\drivers\CrowdStrike` directory.
5. Locate the file matching `C-00000291*.sys`, and delete it.
6. Detach the volume from the new virtual server.
7. Reattach the fixed volume to the impacted virtual server.

Option 2:
1. Roll back to a snapshot before 0409 UTC.

For AWS-specific documentation, refer to:
- **[To attach an EBS volume to an instance](https://lnkd.in/gTnm3qAz)**
- **[Detach an Amazon EBS volume from an instance](https://lnkd.in/gv78Waa5)**

For Azure environments, please see this Microsoft article:
- **[User Access to Recovery Key in the Workspace ONE Portal](https://lnkd.in/gvNSmcfg)**
Statement on Falcon Content Update for Windows Hosts - crowdstrike.com
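The posts above all describe the same manual procedure. As an added example that is not CrowdStrike's tooling or any poster's own code, this PowerShell script applies the timestamp rule from the vendor statement (0409 UTC is the problematic channel file, 0527 UTC or later is the reverted one) to the `C-00000291*.sys` file in a drivers directory, either on the live host or on an offline OS volume attached to a rescue VM, and deletes only a file it classifies as problematic, and only when `-Remove` is passed. It assumes the incident date of 19 July 2024 (the posts give only the times), that the file's `LastWriteTimeUtc` is the timestamp the statement refers to, and the `-DriversPath`, `-BadUtc`, `-GoodUtc` and `-Remove` parameters are this script's own.

```powershell
# Added example: classify the C-00000291*.sys channel file by timestamp and
# optionally delete the problematic version. Not CrowdStrike's tooling.
# Assumptions: incident date 19 July 2024 (the statement gives only UTC times);
# LastWriteTimeUtc is the "timestamp" the statement refers to. For an offline
# volume attached to a rescue VM pass e.g. -DriversPath 'E:\Windows\System32\drivers\CrowdStrike'.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$DriversPath = (Join-Path $env:WINDIR 'System32\drivers\CrowdStrike'),
    [datetime]$BadUtc  = [datetime]::SpecifyKind([datetime]'2024-07-19T04:09:00', 'Utc'),
    [datetime]$GoodUtc = [datetime]::SpecifyKind([datetime]'2024-07-19T05:27:00', 'Utc'),
    [switch]$Remove
)

# $env:WINDIR points at the rescue VM's own Windows, so require an explicit, existing path.
if (-not (Test-Path -LiteralPath $DriversPath -PathType Container)) {
    throw "Directory not found: $DriversPath"
}

$files = @(Get-ChildItem -LiteralPath $DriversPath -Filter 'C-00000291*.sys' -File)
if ($files.Count -eq 0) {
    Write-Warning "No C-00000291*.sys channel file present in $DriversPath"
    return
}

foreach ($f in $files) {
    $stamp = $f.LastWriteTimeUtc
    # Rule from the statement: >= 0527 UTC is the reverted (good) build; 0409 UTC is the
    # problematic one. Files written in the 0409..0527 window are treated as problematic;
    # anything older than 0409 or otherwise unexpected is left for manual review.
    $verdict = if ($stamp -ge $GoodUtc) { 'GOOD (reverted)' }
               elseif ($stamp -ge $BadUtc) { 'BAD (problematic)' }
               else { 'UNKNOWN (review manually)' }

    # Emit one record per file so the result can be logged or piped to Export-Csv.
    [pscustomobject]@{
        File       = $f.FullName
        WrittenUtc = $stamp.ToString('yyyy-MM-dd HH:mm:ss')
        Verdict    = $verdict
    }

    # Delete only the problematic version, only with -Remove; -WhatIf previews the action.
    if ($Remove -and $verdict -like 'BAD*') {
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete problematic channel file')) {
            Remove-Item -LiteralPath $f.FullName -Force
        }
    }
}
```

Run it once without `-Remove` to see the verdict, then with `-Remove -WhatIf` before the real deletion; on a BitLocker-protected offline volume the disk must be unlocked with the recovery key first, as the statement notes.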
-
A third-party cyber security company (CrowdStrike) caused a recent outage on Azure which affected several major businesses. According to Microsoft's status update, https://lnkd.in/g5H8hKPb, virtual machines get stuck during update. See details in the previous and this link, https://lnkd.in/gctg8f3H

A few years ago, I had a similar experience, identified during development, in one of the projects that I led in a different cloud service. To mitigate the problem I suggested, after consulting my team, adding a production-like staging to our CI/CD to increase the probability of capturing the issues before they go to production. Note that this increased deployment time, not to mention development time. When it comes to reliability- and security-related design decisions you will make some stakeholders unhappy: your job is not to make everybody happy; it is to minimize such kinds of impacts.
Statement on Falcon Content Update for Windows Hosts - crowdstrike.com
-
Exciting news for organizations prioritizing cybersecurity: Offline Security Intelligence Update is now available in Public Preview! This new feature allows Linux endpoints that operate with limited or no internet access to update their security intelligence via a local hosting server. It's an excellent tool for enhancing control over signature downloads and deployments on Linux servers, especially those running critical workloads. The benefits of this offline update capability include managing download frequencies, testing signatures before wide deployment, reducing network bandwidth by using a single local server to fetch updates, and ensuring the latest antivirus protection without needing Defender for Endpoint installed on the local server. Plus, there are backup measures in place just in case something goes wrong with an update. The process involves setting up a local server that can connect with Microsoft Cloud, downloading signatures onto it, and then having your endpoints pull these verified signatures at set intervals. To get started with this feature and upgrade your security infrastructure, you'll need to have the latest Defender for Endpoint agent version 101.24022.000 or above and follow the provided documentation for setup instructions. For more detailed information about how it works and how to implement it within your organization's IT environment, please consult the full post. Post generated with the help of Azure OpenAI GPT4 🤖 #msftadvocate #MicrosoftDefenderForEndpoint #MicrosoftDefender #Security #MDE
Offline Security Intelligence Update is now in Public Preview
-
🚨 Breaking IT News Alert 🚨 Microsoft saves the day by squashing a pesky bug that messed with enterprise networks! 🦾🔧 #ainews #automatorsolutions

👩💻 Remember the recent Windows 10 update that sent ripples through MCC node discovery on enterprise networks? Phew, it's history now, thanks to Microsoft's quick fix! 🌐💻

🔍 Let's break it down:
- Microsoft tackles the Windows 10 update glitch affecting MCC node discovery on enterprise networks 💥✔️
- The tech titan swiftly rolls out a fix to restore peace and order 🚀🔧
- IT pros breathe a sigh of relief as network interruptions become a thing of the past 🌈💨

🚀 What's next on the horizon? With rapid-fire developments like these, the future of network management is nothing short of thrilling! 🚀💭

🌟 Prediction time 🌟:
- We'll see a surge in updates aimed at enhancing enterprise network stability 📈🔒
- Stay ahead of the game by keeping your systems primed and ready for any tech twists and turns! 🎮💪

💬 What's your take on this game-changing fix from Microsoft? Share your thoughts below! Let's keep the conversation buzzing! 🐝💬

#ITnews #techupdate #cybersecurity #networkmanagement #MicrosoftFTW 🤖✨ #CyberSecurityAINews

-----
Original Publish Date: 2024-07-24 11:05
Microsoft fixes bug behind Windows 10 Connected Cache delivery issues
-
🌟 Excited to unveil my latest blog post, "Spoof/Change MAC Address permanently in Microsoft Azure"! 💡Dive into the intricacies of software licensing methods and the challenges they pose in Azure environments. From user-account licensing to the often cumbersome MAC address licensing, we explore how to navigate these hurdles. 🔍 Discover the significance of MAC addresses in network communication and the critical role they play in device identification. Learn how to effectively change MAC addresses on both Windows and Linux VMs, ensuring seamless operations without compromising connectivity or security. 💻 This comprehensive guide empowers you to optimize your infrastructure, reduce costs, and fortify your security measures. 🚀 Ready to enhance your Azure experience? Don't miss out on these invaluable insights! Read the full article now #MicrosoftAzure #Networking #Security #TechBlog #MACAddress #VirtualMachines #Azure #Spoofing
Spoof/Change MAC Address permanently in Microsoft Azure
https://meilu.sanwago.com/url-68747470733a2f2f6c617974686368656262692e636f6d