CrowdStrike Outage Cripples Major Businesses

Today the popular Endpoint Security and Remote Management vendor CrowdStrike pushed a software update to all computers managed by their product that effectively kills the computer. When computers managed by CrowdStrike’s software updated to the problematic version, files were created in the C:\Windows\System32 folder that cause the computer to crash on startup and go to a “Blue Screen of Death”.

CrowdStrike released a statement this morning regarding the situation, stating:

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This was not a cyberattack.

The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website.”

They also released a step-by-step guide for users to fix the issue:

Workaround Steps for individual hosts:

  • Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then:
    • Boot Windows into Safe Mode or the Windows Recovery Environment
      • NOTE: Putting the host on a wired network (as opposed to WiFi) and using Safe Mode with Networking can help remediation.
    • Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory
    • Locate the file matching “C-00000291*.sys”, and delete it.
    • Boot the host normally.

Unfortunately, this method requires Systems Administrators to have direct, physical access to each machine, and also requires the BitLocker disk encryption key to be entered manually in order to access the files. Most SysAdmins are simply reimaging (wiping and reloading) affected computers.
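The deletion step from the workaround above can be scripted once the host is in Safe Mode and the disk is unlocked. The following is an added example, not part of CrowdStrike's guide or this post's original text; the function name `Remove-FaultyChannelFile` and its `-WindowsRoot` parameter are hypothetical, and it assumes an elevated PowerShell prompt is available.

```powershell
# Added example: removes the channel file named in the workaround steps.
# Assumes Safe Mode with an elevated PowerShell prompt. -WindowsRoot is a
# hypothetical parameter for pointing at a Windows folder other than $env:WINDIR.
function Remove-FaultyChannelFile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$WindowsRoot = $env:WINDIR,
        [string]$Pattern     = 'C-00000291*.sys'   # pattern given in the guide
    )

    $dir = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Directory not found: $dir (is the volume unlocked and mounted?)"
        return
    }

    # -Force includes hidden/system files; -File skips any sub-directories.
    $targets = @(Get-ChildItem -LiteralPath $dir -Filter $Pattern -File -Force)
    if ($targets.Count -eq 0) {
        Write-Output "No file matching $Pattern in $dir; nothing to do."
        return
    }

    foreach ($file in $targets) {
        # Record what is about to be removed so the change is auditable.
        $record = [pscustomobject]@{
            Path         = $file.FullName
            Length       = $file.Length
            LastWriteUtc = $file.LastWriteTimeUtc
            SHA256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            Removed      = $false
        }
        # Honors -WhatIf and -Confirm; nothing is deleted during a preview.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete channel file')) {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $record.Removed = $true
        }
        $record
    }
}

# Preview which files would be deleted:
Remove-FaultyChannelFile -WhatIf
# Then delete without prompting:
# Remove-FaultyChannelFile -Confirm:$false
```

The emitted records (path, size, timestamp, SHA-256) can be piped to `Export-Csv` to keep a per-host log of what was removed.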

While CrowdStrike is considered one of the Industry Standards in Endpoint Security and Remote Management, Shreveport Fix IT utilizes SentinelOne for Endpoint Security for all our clients, so none of our business partners have been affected by this recent outage.

So when deciding who to choose to manage your business’ IT Security, choose Shreveport Fix IT.
