CrowdStrike has struck a crowd of Windows

Airports, emergency services, trains, stock exchanges, health services, TV stations etc. affected. First spotted in :australia: & :new_zealand:, but worldwide impact.

13 Likes

Interesting how fast the global infrastructure could potentially crumble.

5 Likes

That’s actually a valid peril in our connected world.
I don’t know if it would be as dire today (or more so), but many years ago, a DNS server outage shut everything down (in an innocent outage vs a vindictive one).

2 Likes

It has knocked out our rota system; Sky News was not working, not that I watch it :rofl:

1 Like

My Linux works just fine this morning, I don’t see a problem :grin:

13 Likes

I don’t know if a BeerStrike or a WineStrike could possibly affect Linux systems as well. At least, such a Strike would possibly not be a worldwide phenomenon.

2 Likes

WineStrike is later :wink:

1 Like

Let Them STRIKE

2 Likes

I guess that’s what happens when things go pear-shaped. A similar thing could have happened to Linux too, I believe.

1 Like

Smug at the fact that I use Linux and am not personally impacted.
Sad at the fact that my employer’s IT admin is on the beach and did not push the security update, so I have to work as normal.

5 Likes

Agree.

I would say if things are organized the same way as it happened here, then of course this is possible with other OSes or software as well.

I think it’s much less likely to happen for most Linux distros. CrowdStrike is a 3rd party antivirus/security vendor whose products have deep access into the Windows system and are updated directly by CrowdStrike themselves.

Linux distros (and their users) tend to install the bulk of their software from the distro’s own repos, which are usually subject to testing before entering the stable repos. Flatpaks etc. are sandboxed.

There aren’t any significant Linux anti-virus products (ClamAV searches for Windows viruses and doesn’t have the system access that Windows antivirus products do).

My one caveat is rolling distros such as Arch (and Endeavour) where less testing takes place before rollout. An example would be the GRUB issue last year.

This problem likely wouldn’t have hit most other Linux distros because of the amount of testing a GRUB update would go through before rollout to their stable versions.

5 Likes

I feel so blessed that our issues at work related to this have been relatively minor. The impact scope of this is absolutely mind-boggling.

1 Like

The GRUB issue was easily resolvable if you read up on it though. CrowdStrike maybe not so much.

5 U.S. airports shut down that I’ve counted (edit: Southwest apparently unaffected, I read). Many hospitals hobbled in what they can do right now. Third-party Windows updates. How this plays out is beyond me.

1 Like

From the perspective of someone who must use Windows at work - feels like nothing happened.
Windows 10 booted fine, the system and M$ services were operational the whole time.

Of course, my company was lucky. A few airports in Poland had departures delayed for even a couple of hours… :roll_eyes:

1 Like

Frankly, not an excuse. I don’t have to read up on stuff just to use my OS to fix it after an update, even if this is a DIY distro or whatever.

1 Like

Some are delayed most of a day. Guess it comes down to individual IT teams.
As far as work, I agree, all systems are up at my company; my IT guy just sent a mass email that a lot of damage was done to some aspects of 365/MS stuff etc., but they will have it fixed in 20-30 min…

2 Likes

Opinion (mine).
Do you expect to be fed information by some sort of unexplained osmosis, or an acknowledged means of information transfer (reading)?

2 Likes

Thought I might share the public solution below.

On a high level for corporations you will have to:

  • get users to use a special unique code to get past BitLocker
  • boot into safe mode
  • open command prompt
  • and delete the bad content downloaded by the CrowdStrike Agent.

All manual steps so it is taking time to get back online.

Those affected (in NA) are any server or workstation that was on overnight when the content delivery network had the bad files.

Workaround Steps:

  • Boot Windows into Safe Mode or the Windows Recovery Environment
  • Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  • Locate the file matching “C-00000291*.sys”, and delete it.
  • Boot the host normally.

Apparently it does not matter what version of the CrowdStrike Agent you have; the CrowdStrike Channel files have been identified as the culprit of this outage. More to come as the root cause analysis happens.

Source:
https://supportportal.crowdstrike.com/s/article/Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19
https://www.reddit.com/r/crowdstrike/comments/1e6vmkf/bsod_error_in_latest_crowdstrike_update/

This is the full explanation of the issue and the channel file which corrupted all CrowdStrike Agent installs (no matter the version):

https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/

4 Likes
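The manual workaround quoted in the post above (unlock BitLocker, go to the CrowdStrike driver directory, delete the C-00000291*.sys file, reboot) scripted as a PowerShell run from Safe Mode or a WinRE command prompt. This is an added example, not code from the thread, from CrowdStrike, or from Microsoft. The script name, its parameters, the -WhatIf preview and the "Lock Status" text match on manage-bde output are assumptions of this example; the directory and file pattern are the ones in the vendor workaround quoted above. It deliberately matches only that pattern and touches nothing else under the drivers directory.

```powershell
# Remove-BadChannelFile.ps1  (added example; not the thread's or vendor's code)
# Run from Safe Mode, or from a WinRE command prompt after typing "powershell".
# Preview first:  .\Remove-BadChannelFile.ps1 -SystemDrive D -WhatIf
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Drive letter of the affected Windows volume. In WinRE the Windows volume
    # is often NOT C:, so confirm it first (e.g. diskpart -> list vol).
    [string]$SystemDrive = 'C',

    # Optional 48-digit BitLocker recovery password (the "special unique code"
    # mentioned above); only needed when the volume is still locked in WinRE.
    [string]$RecoveryPassword
)

$volume = "${SystemDrive}:"

# Unlock BitLocker if a recovery password was supplied. manage-bde ships with
# Windows; the "Lock Status" text match assumes English output (assumption).
if ($RecoveryPassword) {
    $status = manage-bde -status $volume 2>&1 | Out-String
    if ($status -match 'Lock Status:\s+Locked') {
        manage-bde -unlock $volume -RecoveryPassword $RecoveryPassword | Out-Null
    }
}

# Directory named in the vendor workaround.
$dir = Join-Path $volume 'Windows\System32\drivers\CrowdStrike'
if (-not (Test-Path -LiteralPath $dir)) {
    throw "CrowdStrike driver directory not found at $dir; is $volume the Windows volume?"
}

# Only the channel file pattern from the workaround; nothing else is touched.
$bad = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File -ErrorAction Stop)

if ($bad.Count -eq 0) {
    Write-Host "No C-00000291*.sys channel file found in $dir; nothing to do."
    return
}

foreach ($f in $bad) {
    # Log what is about to go so the timestamp can be compared with the vendor's advisory.
    Write-Host ("Found {0}  size={1} bytes  written={2:u}" -f $f.FullName, $f.Length, $f.LastWriteTimeUtc)
    if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete CrowdStrike channel file')) {
        Remove-Item -LiteralPath $f.FullName -Force
        Write-Host "Deleted $($f.FullName)"
    }
}

Write-Host "Done. Reboot the host normally."
```

Because the script supports -WhatIf, a first run shows exactly which file would be removed without deleting anything; the real run is the same command without -WhatIf. The rest of the manual procedure (getting into Safe Mode or WinRE, obtaining the BitLocker recovery key from the organisation's key escrow) still has to happen per host, which is why the post notes it is taking time.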