CrowdStrike Take Down Internet

WhyAydan · 19 July 2024 08:13

Looks like CrowdStrike has caused a massive BSOD wave!

They pushed an update yesterday on the falcon sensor which is crashing windows!

Happy Friday!

Lee · 19 July 2024 08:20

Yep the amount of P1’s at work this morning is wild.

WhyAydan · 19 July 2024 08:22

We had to rollback to 11PM yesterday, that god our DBs are on Linux

L0rdVerga · 19 July 2024 09:12

The MSP I work for is impacted by this however the actual client was smart enough to not use crowd strike and thus were unaffected

WhyAydan · 19 July 2024 09:19

Worst part is it’s not a quick fix, some systems wont even boot without manually going into safe mode and removing CrowdStrike. They need to have manual intervention. CrowdStrike have basically hit the red button and locked computers. The computers will not be able to get any updates from CrowdStrike lol

Lee · 19 July 2024 09:23

Lee · 19 July 2024 09:27

Yeah apparently the fix is to

Safe boot
Go to C:\Windows\System32\drivers\CrowdStrike
Locate and delete file matching “C-00000291*.sys”

Millions of systems going to be affected, happy funking Friday

WhyAydan · 19 July 2024 09:27

Yeah the issue is, can’t remotely deploy that lol.

Lee · 19 July 2024 09:34

Same thing happened with Webroot in years gone by. They pushed a dodgy update and exactly the same thing happened.
Needs to be a failsafe mechanism built into Windows that if something causes a BSOD it auto reverts and strips anything that was updated to the last working known configuration. I know this can be done manually but Winblows needs to get good.

WhyAydan · 19 July 2024 09:35

Just shows how resilient windows is. This is why major infra should be on Linux.

quackers · 19 July 2024 10:15

skynet_azure-cdh

L0rdVerga · 19 July 2024 11:51

My MSP published just that, to go into safe mode and remove CrowdStrike… Want to know the great thing? It required Admin perms and we are not given Admin perms

T9537 · 19 July 2024 12:00

Yep the amount of P1’s at work this morning is wild.

Try working at a massive law firm with offices all over the UK but base all IT staff in one town… (East Midlands area).

“Fancy flying to Dublin to assist handling this P1?”

Yeah no thanks.

L0rdVerga · 19 July 2024 13:29

I would’ve done that! Heck yeah, no work

bahweb · 19 July 2024 14:07

Didn’t do much for the share price

CraigT1976 · 19 July 2024 20:42

Buy some shares quick, it’ll be next weeks chip paper and stocks will recover

WhyAydan · 19 July 2024 23:42

Wayyyyy ahead of you lol. Didn’t drop much mind you

L0rdVerga · 22 July 2024 20:25

Oooof

WhyAydan · 23 July 2024 08:00

Casually waiting for the perfect point to jump

WhyAydan · 24 July 2024 11:49