New Ytest
Sign out
Bimmerpost
Login
BMW E39 5-Series Forum | 5Post.com
BMW Garage BMW Meets Register Today's Posts  
Go Back   BMW E39 5-Series Forum | 5Post.com > BIMMERPOST Universal Forums > Off-Topic Discussions Board

Post Reply
 
Thread Tools Search this Thread
      07-19-2024, 05:39 AM   #1
Artemis
Moderator
Artemis's Avatar
32931
Rep
13,405
Posts

 
Drives: BMW M2C - BMW X1
Join Date: Jun 2011
Location: Belgium

iTrader: (0)

CrowdStrike update BSOD calamity (worldwide)

CrowdStrike update BSOD calamity (worldwide):

"Global IT outage live: Computer havoc caused by Crowdstrike outage could take days to fix"
https://www.abc.net.au/news/2024-07-...alia/104119960

"Global tech outages hit airlines, banks and businesses"
https://edition.cnn.com/business/liv...hnk/index.html

"Travel, banking and businesses hit after software bug causes worldwide IT chaos"
https://www.bbc.com/news/live/cnk4jdwp49et

"CrowdStrike Windows Outage—What Happened And What To Do Next"
https://www.forbes.com/sites/kateofl...at-to-do-next/

"Major Windows BSOD issue takes banks, airlines, and broadcasters offline / A faulty update from cybersecurity provider CrowdStrike is responsible for the global outage."
https://www.theverge.com/2024/7/19/2...e-outage-issue

"BSOD error in latest crowdstrike update":
https://www.reddit.com/r/crowdstrike...strike_update/
__________________
///M is art Artemis
Appreciate 3
      07-19-2024, 07:27 AM   #2
ASAP
Major General
ASAP's Avatar
10859
Rep
9,033
Posts

 
Drives: '23 X3 M40i
Join Date: Sep 2012
Location: FL

iTrader: (0)

it seems like there is some new tech related mess all the time now...

i am not a tech guy but Crowdstrike is a cybersecurity company... presumably if they have an outage... i don't see how this affects the core systems of a number of companies... unless it is a hack?
__________________
2 x N54 -> 1 x N55 -> 1 x S55-> 1 x B58

Last edited by ASAP; 07-19-2024 at 07:32 AM..
Appreciate 0
      07-19-2024, 07:44 AM   #3
RockCrusher
Lieutenant Colonel
United_States
1589
Rep
1,523
Posts

 
Drives: BMW 2023 ZB M2 6-speed
Join Date: Jun 2022
Location: Benton County, AR

iTrader: (0)

Quote:
Originally Posted by ASAP View Post
it seems like there is some new tech related mess all the time now...

i am not a tech guy but Crowdstrike is a cybersecurity company... presumably if they have an outage... i don't see how this affects the core systems of a number of companies... unless it is a hack?
Word is that a software update gone wrong brought down CrowdStrike.
Appreciate 2
ASAP10858.50
vreihen1620581.00
      07-19-2024, 08:07 AM   #4
RickFLM4
Brigadier General
RickFLM4's Avatar
United_States
11830
Rep
4,872
Posts

 
Drives: M4
Join Date: Jul 2015
Location: PB County, FL

iTrader: (0)

Quote:
Originally Posted by ASAP View Post
it seems like there is some new tech related mess all the time now...

i am not a tech guy but Crowdstrike is a cybersecurity company... presumably if they have an outage... i don't see how this affects the core systems of a number of companies... unless it is a hack?
It's almost like concentrating software services, especially security-related services, in a few (or one) big players that serve entire industries and affect PCs everywhere, might have some downsides.
__________________
Current: 2018 SO/SS F83 ZCP
Gone: 2015 SO/SO F82
Appreciate 8
ASAP10858.50
cmyx6go16814.00
vreihen1620581.00
2000cs3904.00
dmatre742.50
Buug95923227.00
      07-19-2024, 08:13 AM   #5
zx10guy
Brigadier General
5516
Rep
3,322
Posts

 
Drives: 2013 135i
Join Date: Feb 2014
Location: DC

iTrader: (0)

Read through the Forbes article on this. It's from a faulty update from Crowdstrike. I don't have any personal hands on experience with Crowdstrike. But from what I gather, the installed agents on the end points do automatic updates when available from Crowdstrike. Crowdstrike is a cloud based security platform. So this is why the impact has been pretty massive.

A fix has been identified but requires booting into Safe mode and then going to a specific directory on the PC/server to delete a specific file. So far there's no automated way of doing this so it's going to be a long manual process until Crowdstrike figures something out.

This is what we in the IT world call an RGE (resume generating event). And someone(s) is going to have a bad meeting with management/HR. I'm stunned that this wasn't identified in beta testing before being pushed out as a production/general release. Don't know how Crowdstrike is going to handle the ire of customers with real significant monetary loses due to this.
__________________
Quote:
Originally Posted by Lups View Post
We might not be in an agreement on Trump, but I'll be the first penis chaser here to say I'll rather take it up in the ass than to argue with you on this.
Appreciate 2
nerdogray1470.00
vreihen1620581.00
      07-19-2024, 08:14 AM   #6
Frostynorth
Weirdo
Frostynorth's Avatar
Canada
473
Rep
195
Posts

 
Drives: 2011 e92 M3
Join Date: Jun 2020
Location: Middle of nowhere

iTrader: (0)

On the plus side, if the computers can't boot, they can't get hacked.
Appreciate 4
nerdogray1470.00
vreihen1620581.00
BMWGUYinCO4338.00
      07-19-2024, 08:45 AM   #7
NoMoreVauxhalls
First Lieutenant
NoMoreVauxhalls's Avatar
United Kingdom
440
Rep
318
Posts

 
Drives: BMW X3 30d M Sport
Join Date: Aug 2020
Location: Reading, UK

iTrader: (0)

Back in 2004 the computer security company that I worked for had exactly the same issue. (I won't name the company, but it was one of the big ones). We produced virus definition files every day (sometimes multiple times per day) which allowed the AV software to detect new viruses. These definition files are (were) created by an automated process and were QA tested before being deployed into the field - but due to the quick turnaround, corners were obviously cut during QA.

On that particular day, the update was created and started being downloaded and consumed by our software on computers around the world. Unfortunately, we incorrectly identified a Windows system file as being infected, and so that file was "quarantined" and moved from it's System folder, to our quarantine location.

End result: the sh!t hit the fan. And quickly. Any Windows PC would blue screen on the next bootup as that system file was no longer present. This sounds very similar to what has happened with Crowdstrike today...

I worked in tech support back then, and our phones were red hot for days! We subsequently revised our QA processes and made them much more robust. Individuals lost their jobs, also. And I'm guessing something similar will happen at Crowdstrike...
Appreciate 4
vreihen1620581.00
zx10guy5516.00
dradernh4827.50
      07-19-2024, 08:58 AM   #8
Artemis
Moderator
Artemis's Avatar
32931
Rep
13,405
Posts

 
Drives: BMW M2C - BMW X1
Join Date: Jun 2011
Location: Belgium

iTrader: (0)

Quote:
Originally Posted by RickFLM4 View Post
It's almost like concentrating software services, especially security-related services, in a few (or one) big players that serve entire industries and affect PCs everywhere, might have some downsides.
Name:  Tech_Outage.jpg
Views: 326
Size:  148.1 KB
(source: https://www.abc.net.au/news/2024-07-...alia/104119960)
__________________
///M is art Artemis
Appreciate 2
RickFLM411829.50
ASAP10858.50
      07-19-2024, 09:06 AM   #9
vreihen16
Recovering Perfectionist
vreihen16's Avatar
20581
Rep
1,005
Posts

 
Drives: BMW-less :(
Join Date: Jun 2019
Location: Orange County, NY

iTrader: (0)

Garage List
As I said to my DW when I heard the talking heads on the morning TV news opening with this news as their headline, I'm glad that I was involuntarily retired from the IT business a few weeks ago.

Back to my nap.....
__________________
Currently BMW-less.
Appreciate 13
zx10guy5516.00
cmyx6go16814.00
BMWGUYinCO4338.00
RickFLM411829.50
T0RM3NT4562.50
2000cs3904.00
DocL2105.50
SW111593.50
dradernh4827.50
Buug95923227.00
      07-19-2024, 09:28 AM   #10
unluky
Major
unluky's Avatar
7675
Rep
1,261
Posts

 
Drives: 04 z4 3.0 Sport & 15 X5 35i XD
Join Date: Aug 2013
Location: Sedalia, MO

iTrader: (0)

Garage List
Secret Service right now going WHEW!!!!!!
__________________
2015 X5 XDrive 35i - 2004 Z4 3.0 Sport
Appreciate 6
RickFLM411829.50
Wolf 3352562.00
2000cs3904.00
Buug95923227.00
      07-19-2024, 09:35 AM   #11
zx10guy
Brigadier General
5516
Rep
3,322
Posts

 
Drives: 2013 135i
Join Date: Feb 2014
Location: DC

iTrader: (0)

Quote:
Originally Posted by NoMoreVauxhalls View Post
Back in 2004 the computer security company that I worked for had exactly the same issue. (I won't name the company, but it was one of the big ones). We produced virus definition files every day (sometimes multiple times per day) which allowed the AV software to detect new viruses. These definition files are (were) created by an automated process and were QA tested before being deployed into the field - but due to the quick turnaround, corners were obviously cut during QA.

On that particular day, the update was created and started being downloaded and consumed by our software on computers around the world. Unfortunately, we incorrectly identified a Windows system file as being infected, and so that file was "quarantined" and moved from it's System folder, to our quarantine location.

End result: the sh!t hit the fan. And quickly. Any Windows PC would blue screen on the next bootup as that system file was no longer present. This sounds very similar to what has happened with Crowdstrike today...

I worked in tech support back then, and our phones were red hot for days! We subsequently revised our QA processes and made them much more robust. Individuals lost their jobs, also. And I'm guessing something similar will happen at Crowdstrike...
While details will probably solidify as to what the issue ultimate is/was, based on the info from the Forbes article for the fix:

1. Boot Windows into Safe Mode or WRE.

2. Go to C:\Windows\System32\drivers\CrowdStrike

3. Locate and delete file matching "C-00000291*.sys"

4. Boot normally.

This isn't a Windows system file that was mistakenly determined as a malicious file. This all points to an update CrowdStrike pushed down that caused an issue with their software that has hooks into the Windows kernel that is causing the BSOD and boot loops.
__________________
Quote:
Originally Posted by Lups View Post
We might not be in an agreement on Trump, but I'll be the first penis chaser here to say I'll rather take it up in the ass than to argue with you on this.
Appreciate 2
      07-19-2024, 10:02 AM   #12
spazzyfry123
Lieutenant Colonel
spazzyfry123's Avatar
5010
Rep
1,974
Posts

 
Drives: Here and There
Join Date: Jul 2013
Location: North Georgia Mountains

iTrader: (1)

Garage List
Things aren’t so great here on the healthcare side of the fence…
Appreciate 2
vreihen1620581.00
BMWGUYinCO4338.00
      07-19-2024, 10:19 AM   #13
NoMoreVauxhalls
First Lieutenant
NoMoreVauxhalls's Avatar
United Kingdom
440
Rep
318
Posts

 
Drives: BMW X3 30d M Sport
Join Date: Aug 2020
Location: Reading, UK

iTrader: (0)

Quote:
Originally Posted by zx10guy View Post
This isn't a Windows system file that was mistakenly determined as a malicious file. This all points to an update CrowdStrike pushed down that caused an issue with their software that has hooks into the Windows kernel that is causing the BSOD and boot loops.
You're correct - it's not exactly the same issue. But I just wanted to relay a very similar (and very painful) issue that we had back in the day!

Hopefully Crowdstrike learn a hard lesson from this and fully review their QA processes going forward.
Appreciate 1
zx10guy5516.00
      07-19-2024, 10:42 AM   #14
Artemis
Moderator
Artemis's Avatar
32931
Rep
13,405
Posts

 
Drives: BMW M2C - BMW X1
Join Date: Jun 2011
Location: Belgium

iTrader: (0)

https://www.crowdstrike.com/blog/sta...sensor-update/

Name:  CrowdStrike_Falcon_Bug_1.jpg
Views: 279
Size:  126.1 KB
Name:  CrowdStrike_Falcon_Bug_2.jpg
Views: 287
Size:  161.3 KB
__________________
///M is art Artemis
Appreciate 2
vreihen1620581.00
BMWGUYinCO4338.00
      07-19-2024, 12:56 PM   #15
JMcLellan
Lieutenant Colonel
JMcLellan's Avatar
United_States
2731
Rep
1,593
Posts

 
Drives: 2024 M2
Join Date: Mar 2022
Location: MN

iTrader: (0)

Quote:
Originally Posted by zx10guy View Post

I'm stunned that this wasn't identified in beta testing before being pushed out as a production/general release. Don't know how Crowdstrike is going to handle the ire of customers with real significant monetary loses due to this.
100% this. How does this pass testing? With what is at stake and the potential impact it's crazy. It's hard to accept their QA was that bad and it's easy to go to the thought that a hack might be likely. I bet Crowdstrike wishes they could say this was a hack vs an internal issue. They may never recover.
__________________
2024 M2
2019 M240i- Sold
Appreciate 0
      07-19-2024, 01:16 PM   #16
Artemis
Moderator
Artemis's Avatar
32931
Rep
13,405
Posts

 
Drives: BMW M2C - BMW X1
Join Date: Jun 2011
Location: Belgium

iTrader: (0)

Name:  Musk_Crowdstrike.jpg
Views: 246
Size:  149.2 KB
(source: https://www.telegraph.co.uk/business...stralia-world/)

Newark, USA earlier today:
Name:  Newark_US.jpg
Views: 238
Size:  233.9 KB
__________________
///M is art Artemis
Appreciate 3
JMcLellan2730.50
vreihen1620581.00
RickFLM411829.50
Post Reply

Bookmarks


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -5. The time now is 09:40 PM.




5post
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2024, vBulletin Solutions Inc.
1Addicts.com, BIMMERPOST.com, E90Post.com, F30Post.com, M3Post.com, ZPost.com, 5Post.com, 6Post.com, 7Post.com, XBimmers.com logo and trademark are properties of BIMMERPOST