|
07-19-2024, 05:39 AM | #1 |
Moderator
32931
Rep 13,405
Posts |
CrowdStrike update BSOD calamity (worldwide)
CrowdStrike update BSOD calamity (worldwide):
"Global IT outage live: Computer havoc caused by Crowdstrike outage could take days to fix" https://www.abc.net.au/news/2024-07-...alia/104119960 "Global tech outages hit airlines, banks and businesses" https://edition.cnn.com/business/liv...hnk/index.html "Travel, banking and businesses hit after software bug causes worldwide IT chaos" https://www.bbc.com/news/live/cnk4jdwp49et "CrowdStrike Windows Outage—What Happened And What To Do Next" https://www.forbes.com/sites/kateofl...at-to-do-next/ "Major Windows BSOD issue takes banks, airlines, and broadcasters offline / A faulty update from cybersecurity provider CrowdStrike is responsible for the global outage." https://www.theverge.com/2024/7/19/2...e-outage-issue "BSOD error in latest crowdstrike update": https://www.reddit.com/r/crowdstrike...strike_update/
__________________
///M is art ↔ Artemis
|
07-19-2024, 07:27 AM | #2 |
Major General
10859
Rep 9,033
Posts |
it seems like there is some new tech related mess all the time now...
i am not a tech guy but Crowdstrike is a cybersecurity company... presumably if they have an outage... i don't see how this affects the core systems of a number of companies... unless it is a hack?
__________________
2 x N54 -> 1 x N55 -> 1 x S55-> 1 x B58
Last edited by ASAP; 07-19-2024 at 07:32 AM.. |
Appreciate
0
|
07-19-2024, 07:44 AM | #3 | |
Lieutenant Colonel
1589
Rep 1,523
Posts |
Quote:
|
|
07-19-2024, 08:07 AM | #4 | |
Brigadier General
11830
Rep 4,872
Posts |
Quote:
__________________
Current: 2018 SO/SS F83 ZCP
Gone: 2015 SO/SO F82 |
|
Appreciate
8
ASAP10858.50 cmyx6go16814.00 vreihen1620581.00 spazzyfry1235009.50 2000cs3904.00 jessejericho502.00 dmatre742.50 Buug95923227.00 |
07-19-2024, 08:13 AM | #5 |
Brigadier General
5516
Rep 3,322
Posts |
Read through the Forbes article on this. It's from a faulty update from Crowdstrike. I don't have any personal hands on experience with Crowdstrike. But from what I gather, the installed agents on the end points do automatic updates when available from Crowdstrike. Crowdstrike is a cloud based security platform. So this is why the impact has been pretty massive.
A fix has been identified but requires booting into Safe mode and then going to a specific directory on the PC/server to delete a specific file. So far there's no automated way of doing this so it's going to be a long manual process until Crowdstrike figures something out. This is what we in the IT world call an RGE (resume generating event). And someone(s) is going to have a bad meeting with management/HR. I'm stunned that this wasn't identified in beta testing before being pushed out as a production/general release. Don't know how Crowdstrike is going to handle the ire of customers with real significant monetary loses due to this. |
07-19-2024, 08:14 AM | #6 |
Weirdo
473
Rep 195
Posts |
On the plus side, if the computers can't boot, they can't get hacked.
|
Appreciate
4
|
07-19-2024, 08:45 AM | #7 |
First Lieutenant
440
Rep 318
Posts |
Back in 2004 the computer security company that I worked for had exactly the same issue. (I won't name the company, but it was one of the big ones). We produced virus definition files every day (sometimes multiple times per day) which allowed the AV software to detect new viruses. These definition files are (were) created by an automated process and were QA tested before being deployed into the field - but due to the quick turnaround, corners were obviously cut during QA.
On that particular day, the update was created and started being downloaded and consumed by our software on computers around the world. Unfortunately, we incorrectly identified a Windows system file as being infected, and so that file was "quarantined" and moved from it's System folder, to our quarantine location. End result: the sh!t hit the fan. And quickly. Any Windows PC would blue screen on the next bootup as that system file was no longer present. This sounds very similar to what has happened with Crowdstrike today... I worked in tech support back then, and our phones were red hot for days! We subsequently revised our QA processes and made them much more robust. Individuals lost their jobs, also. And I'm guessing something similar will happen at Crowdstrike... |
Appreciate
4
|
07-19-2024, 08:58 AM | #8 | |
Moderator
32931
Rep 13,405
Posts |
Quote:
(source: https://www.abc.net.au/news/2024-07-...alia/104119960)
__________________
///M is art ↔ Artemis
|
|
07-19-2024, 09:06 AM | #9 |
Recovering Perfectionist
20581
Rep 1,005
Posts |
As I said to my DW when I heard the talking heads on the morning TV news opening with this news as their headline, I'm glad that I was involuntarily retired from the IT business a few weeks ago.
Back to my nap.....
__________________
Currently BMW-less.
|
Appreciate
13
zx10guy5516.00 cmyx6go16814.00 BMWGUYinCO4338.00 RickFLM411829.50 NoMoreVauxhalls439.50 T0RM3NT4562.50 2000cs3904.00 DocL2105.50 SW111593.50 Car-Addicted8235.50 dradernh4827.50 Buug95923227.00 Samurai of 2day2317.00 |
07-19-2024, 09:28 AM | #10 |
Major
7675
Rep 1,261
Posts Drives: 04 z4 3.0 Sport & 15 X5 35i XD Join Date: Aug 2013
Location: Sedalia, MO
|
Secret Service right now going WHEW!!!!!!
__________________
2015 X5 XDrive 35i - 2004 Z4 3.0 Sport
|
Appreciate
6
|
07-19-2024, 09:35 AM | #11 | |
Brigadier General
5516
Rep 3,322
Posts |
Quote:
1. Boot Windows into Safe Mode or WRE. 2. Go to C:\Windows\System32\drivers\CrowdStrike 3. Locate and delete file matching "C-00000291*.sys" 4. Boot normally. This isn't a Windows system file that was mistakenly determined as a malicious file. This all points to an update CrowdStrike pushed down that caused an issue with their software that has hooks into the Windows kernel that is causing the BSOD and boot loops. |
|
Appreciate
2
NoMoreVauxhalls439.50 vreihen1620581.00 |
07-19-2024, 10:02 AM | #12 |
Lieutenant Colonel
5010
Rep 1,974
Posts Drives: Here and There Join Date: Jul 2013
Location: North Georgia Mountains
iTrader: (1)
Garage List (2)11 BMW E90M Stri ... [10.00]
(1)11 BMW E90M Stri ... [10.00] 98 Lexus LS400 [10.00] 16 Toyota Land Cruiser [10.00] 97 Toyota Land Cruiser [8.33] |
Things aren’t so great here on the healthcare side of the fence…
|
Appreciate
2
vreihen1620581.00 BMWGUYinCO4338.00 |
07-19-2024, 10:19 AM | #13 | |
First Lieutenant
440
Rep 318
Posts |
Quote:
Hopefully Crowdstrike learn a hard lesson from this and fully review their QA processes going forward. |
|
Appreciate
1
zx10guy5516.00 |
07-19-2024, 10:42 AM | #14 |
Moderator
32931
Rep 13,405
Posts |
__________________
///M is art ↔ Artemis
|
Appreciate
2
vreihen1620581.00 BMWGUYinCO4338.00 |
07-19-2024, 12:56 PM | #15 |
Lieutenant Colonel
2731
Rep 1,593
Posts |
100% this. How does this pass testing? With what is at stake and the potential impact it's crazy. It's hard to accept their QA was that bad and it's easy to go to the thought that a hack might be likely. I bet Crowdstrike wishes they could say this was a hack vs an internal issue. They may never recover.
__________________
2024 M2
2019 M240i- Sold |
Appreciate
0
|
07-19-2024, 01:16 PM | #16 |
Moderator
32931
Rep 13,405
Posts |
__________________
///M is art ↔ Artemis
|
Post Reply |
Bookmarks |
|
|