CrowdStrike update BSOD calamity (worldwide)

Artemis · 07-19-2024, 04:39 AM

CrowdStrike update BSOD calamity (worldwide):

"Global IT outage live: Computer havoc caused by Crowdstrike outage could take days to fix"
https://www.abc.net.au/news/2024-07-...alia/104119960

"Global tech outages hit airlines, banks and businesses"
https://edition.cnn.com/business/liv...hnk/index.html

"Travel, banking and businesses hit after software bug causes worldwide IT chaos"
https://www.bbc.com/news/live/cnk4jdwp49et

"CrowdStrike Windows Outage—What Happened And What To Do Next"
https://www.forbes.com/sites/kateofl...at-to-do-next/

"Major Windows BSOD issue takes banks, airlines, and broadcasters offline / A faulty update from cybersecurity provider CrowdStrike is responsible for the global outage."
https://www.theverge.com/2024/7/19/2...e-outage-issue

"BSOD error in latest crowdstrike update":
https://www.reddit.com/r/crowdstrike...strike_update/

ASAP · 07-19-2024, 06:27 AM

it seems like there is some new tech related mess all the time now...

i am not a tech guy but Crowdstrike is a cybersecurity company... presumably if they have an outage... i don't see how this affects the core systems of a number of companies... unless it is a hack?

RockCrusher · 07-19-2024, 06:44 AM

Quote:

Originally Posted by ASAP

it seems like there is some new tech related mess all the time now...

i am not a tech guy but Crowdstrike is a cybersecurity company... presumably if they have an outage... i don't see how this affects the core systems of a number of companies... unless it is a hack?

Word is that a software update gone wrong brought down CrowdStrike.

RickFLM4 · 07-19-2024, 07:07 AM

Quote:

Originally Posted by ASAP

it seems like there is some new tech related mess all the time now...

i am not a tech guy but Crowdstrike is a cybersecurity company... presumably if they have an outage... i don't see how this affects the core systems of a number of companies... unless it is a hack?

It's almost like concentrating software services, especially security-related services, in a few (or one) big players that serve entire industries and affect PCs everywhere, might have some downsides.

zx10guy · 07-19-2024, 07:13 AM

Read through the Forbes article on this. It's from a faulty update from Crowdstrike. I don't have any personal hands on experience with Crowdstrike. But from what I gather, the installed agents on the end points do automatic updates when available from Crowdstrike. Crowdstrike is a cloud based security platform. So this is why the impact has been pretty massive.

A fix has been identified but requires booting into Safe mode and then going to a specific directory on the PC/server to delete a specific file. So far there's no automated way of doing this so it's going to be a long manual process until Crowdstrike figures something out.

This is what we in the IT world call an RGE (resume generating event). And someone(s) is going to have a bad meeting with management/HR. I'm stunned that this wasn't identified in beta testing before being pushed out as a production/general release. Don't know how Crowdstrike is going to handle the ire of customers with real significant monetary loses due to this.

Frostynorth · 07-19-2024, 07:14 AM

On the plus side, if the computers can't boot, they can't get hacked.

NoMoreVauxhalls · 07-19-2024, 07:45 AM

Back in 2004 the computer security company that I worked for had exactly the same issue. (I won't name the company, but it was one of the big ones). We produced virus definition files every day (sometimes multiple times per day) which allowed the AV software to detect new viruses. These definition files are (were) created by an automated process and were QA tested before being deployed into the field - but due to the quick turnaround, corners were obviously cut during QA.

On that particular day, the update was created and started being downloaded and consumed by our software on computers around the world. Unfortunately, we incorrectly identified a Windows system file as being infected, and so that file was "quarantined" and moved from it's System folder, to our quarantine location.

End result: the sh!t hit the fan. And quickly. Any Windows PC would blue screen on the next bootup as that system file was no longer present. This sounds very similar to what has happened with Crowdstrike today...

I worked in tech support back then, and our phones were red hot for days! We subsequently revised our QA processes and made them much more robust. Individuals lost their jobs, also. And I'm guessing something similar will happen at Crowdstrike...

Artemis · 07-19-2024, 07:58 AM

Quote:

Originally Posted by RickFLM4

It's almost like concentrating software services, especially security-related services, in a few (or one) big players that serve entire industries and affect PCs everywhere, might have some downsides.

Name: Tech_Outage.jpg
Views: 506
Size: 148.1 KB

(source: https://www.abc.net.au/news/2024-07-...alia/104119960)

vreihen16 · 07-19-2024, 08:06 AM

As I said to my DW when I heard the talking heads on the morning TV news opening with this news as their headline, I'm glad that I was involuntarily retired from the IT business a few weeks ago.

Back to my nap.....

unluky · 07-19-2024, 08:28 AM

Secret Service right now going WHEW!!!!!!

zx10guy · 07-19-2024, 08:35 AM

Quote:

Originally Posted by NoMoreVauxhalls

Back in 2004 the computer security company that I worked for had exactly the same issue. (I won't name the company, but it was one of the big ones). We produced virus definition files every day (sometimes multiple times per day) which allowed the AV software to detect new viruses. These definition files are (were) created by an automated process and were QA tested before being deployed into the field - but due to the quick turnaround, corners were obviously cut during QA.

On that particular day, the update was created and started being downloaded and consumed by our software on computers around the world. Unfortunately, we incorrectly identified a Windows system file as being infected, and so that file was "quarantined" and moved from it's System folder, to our quarantine location.

End result: the sh!t hit the fan. And quickly. Any Windows PC would blue screen on the next bootup as that system file was no longer present. This sounds very similar to what has happened with Crowdstrike today...

I worked in tech support back then, and our phones were red hot for days! We subsequently revised our QA processes and made them much more robust. Individuals lost their jobs, also. And I'm guessing something similar will happen at Crowdstrike...

While details will probably solidify as to what the issue ultimate is/was, based on the info from the Forbes article for the fix:

1. Boot Windows into Safe Mode or WRE.

2. Go to C:\Windows\System32\drivers\CrowdStrike

3. Locate and delete file matching "C-00000291*.sys"

4. Boot normally.

This isn't a Windows system file that was mistakenly determined as a malicious file. This all points to an update CrowdStrike pushed down that caused an issue with their software that has hooks into the Windows kernel that is causing the BSOD and boot loops.

spazzyfry123 · 07-19-2024, 09:02 AM

Things aren’t so great here on the healthcare side of the fence…

NoMoreVauxhalls · 07-19-2024, 09:19 AM

Quote:

Originally Posted by zx10guy

This isn't a Windows system file that was mistakenly determined as a malicious file. This all points to an update CrowdStrike pushed down that caused an issue with their software that has hooks into the Windows kernel that is causing the BSOD and boot loops.

You're correct - it's not exactly the same issue. But I just wanted to relay a very similar (and very painful) issue that we had back in the day!

Hopefully Crowdstrike learn a hard lesson from this and fully review their QA processes going forward.

Artemis · 07-19-2024, 09:42 AM

https://www.crowdstrike.com/blog/sta...sensor-update/

Name: CrowdStrike_Falcon_Bug_1.jpg
Views: 385
Size: 126.1 KB

Name: CrowdStrike_Falcon_Bug_2.jpg
Views: 394
Size: 161.3 KB

JMcLellan · 07-19-2024, 11:56 AM

Quote:

Originally Posted by zx10guy

I'm stunned that this wasn't identified in beta testing before being pushed out as a production/general release. Don't know how Crowdstrike is going to handle the ire of customers with real significant monetary loses due to this.

100% this. How does this pass testing? With what is at stake and the potential impact it's crazy. It's hard to accept their QA was that bad and it's easy to go to the thought that a hack might be likely. I bet Crowdstrike wishes they could say this was a hack vs an internal issue. They may never recover.

Artemis · 07-19-2024, 12:16 PM

Name: Musk_Crowdstrike.jpg
Views: 422
Size: 149.2 KB

(source: https://www.telegraph.co.uk/business...stralia-world/)

Newark, USA earlier today:
Name: Newark_US.jpg
Views: 401
Size: 233.9 KB

07-19-2024, 04:39 AM	#1
Artemis Moderator 38418 Rep 13,958 Posts Drives: BMW M2C - BMW X1 Join Date: Jun 2011 Location: Belgium iTrader: (0)	CrowdStrike update BSOD calamity (worldwide) CrowdStrike update BSOD calamity (worldwide): "Global IT outage live: Computer havoc caused by Crowdstrike outage could take days to fix" https://www.abc.net.au/news/2024-07-...alia/104119960 "Global tech outages hit airlines, banks and businesses" https://edition.cnn.com/business/liv...hnk/index.html "Travel, banking and businesses hit after software bug causes worldwide IT chaos" https://www.bbc.com/news/live/cnk4jdwp49et "CrowdStrike Windows Outage—What Happened And What To Do Next" https://www.forbes.com/sites/kateofl...at-to-do-next/ "Major Windows BSOD issue takes banks, airlines, and broadcasters offline / A faulty update from cybersecurity provider CrowdStrike is responsible for the global outage." https://www.theverge.com/2024/7/19/2...e-outage-issue "BSOD error in latest crowdstrike update": https://www.reddit.com/r/crowdstrike...strike_update/ __________________ ///M is art ↔ Artemis
	Appreciate 3 vreihen1625454.50 zx10guy5894.00 T0RM3NT5124.00 Tweet Quote

07-19-2024, 06:27 AM	#2
ASAP Major General 11706 Rep 9,471 Posts Drives: '23 X3 M40i Join Date: Sep 2012 Location: FL iTrader: (0)	it seems like there is some new tech related mess all the time now... i am not a tech guy but Crowdstrike is a cybersecurity company... presumably if they have an outage... i don't see how this affects the core systems of a number of companies... unless it is a hack? __________________ 2 x N54 -> 1 x N55 -> 1 x S55-> 1 x B58 Last edited by ASAP; 07-19-2024 at 06:32 AM..
	Appreciate 0 Quote

07-19-2024, 07:13 AM	#5
zx10guy Brigadier General 5894 Rep 3,443 Posts Drives: 2013 135i Join Date: Feb 2014 Location: DC iTrader: (0)	Read through the Forbes article on this. It's from a faulty update from Crowdstrike. I don't have any personal hands on experience with Crowdstrike. But from what I gather, the installed agents on the end points do automatic updates when available from Crowdstrike. Crowdstrike is a cloud based security platform. So this is why the impact has been pretty massive. A fix has been identified but requires booting into Safe mode and then going to a specific directory on the PC/server to delete a specific file. So far there's no automated way of doing this so it's going to be a long manual process until Crowdstrike figures something out. This is what we in the IT world call an RGE (resume generating event). And someone(s) is going to have a bad meeting with management/HR. I'm stunned that this wasn't identified in beta testing before being pushed out as a production/general release. Don't know how Crowdstrike is going to handle the ire of customers with real significant monetary loses due to this.
	Appreciate 1 vreihen1625454.50 Quote

07-19-2024, 07:14 AM	#6
Frostynorth Weirdo 585 Rep 219 Posts Drives: 2011 e92 M3 Join Date: Jun 2020 Location: Middle of nowhere iTrader: (0)	On the plus side, if the computers can't boot, they can't get hacked.
	Appreciate 3 vreihen1625454.50 BMWGUYinCO4479.50 spazzyfry1236711.00 Quote

07-19-2024, 07:45 AM	#7
NoMoreVauxhalls First Lieutenant 455 Rep 328 Posts Drives: BMW X3 30d M Sport Join Date: Aug 2020 Location: Reading, UK iTrader: (0)	Back in 2004 the computer security company that I worked for had exactly the same issue. (I won't name the company, but it was one of the big ones). We produced virus definition files every day (sometimes multiple times per day) which allowed the AV software to detect new viruses. These definition files are (were) created by an automated process and were QA tested before being deployed into the field - but due to the quick turnaround, corners were obviously cut during QA. On that particular day, the update was created and started being downloaded and consumed by our software on computers around the world. Unfortunately, we incorrectly identified a Windows system file as being infected, and so that file was "quarantined" and moved from it's System folder, to our quarantine location. End result: the sh!t hit the fan. And quickly. Any Windows PC would blue screen on the next bootup as that system file was no longer present. This sounds very similar to what has happened with Crowdstrike today... I worked in tech support back then, and our phones were red hot for days! We subsequently revised our QA processes and made them much more robust. Individuals lost their jobs, also. And I'm guessing something similar will happen at Crowdstrike...
	Appreciate 4 vreihen1625454.50 zx10guy5894.00 Wheelwright479.00 dradernh4826.00 Quote

07-19-2024, 08:06 AM	#9
vreihen16 Recovering Perfectionist 25455 Rep 1,045 Posts Drives: BMW-less :( Join Date: Jun 2019 Location: Orange County, NY iTrader: (0)	As I said to my DW when I heard the talking heads on the morning TV news opening with this news as their headline, I'm glad that I was involuntarily retired from the IT business a few weeks ago. Back to my nap..... __________________ Currently BMW-less.
	Appreciate 13 zx10guy5894.00 cmyx6go17709.50 BMWGUYinCO4479.50 RickFLM412445.00 NoMoreVauxhalls455.00 T0RM3NT5124.00 2000cs4258.50 DocL2226.50 SW111617.00 Car-Addicted8234.00 dradernh4826.00 Buug95927263.50 Samurai of 2day2344.00 Quote

07-19-2024, 08:28 AM	#10
unluky Major 7827 Rep 1,279 Posts Drives: 04 z4 3.0 Sport & 15 X5 35i XD Join Date: Aug 2013 Location: Sedalia, MO iTrader: (0) Garage List 2015 BMW X5 XDrive 35i [0.50] 2004 BMW Z4 3.0 Spo ... [0.00]	Secret Service right now going WHEW!!!!!! __________________ 2015 X5 XDrive 35i - 2004 Z4 3.0 Sport
	Appreciate 6 RickFLM412445.00 Wolf 3352573.00 Car-Addicted8234.00 spazzyfry1236711.00 2000cs4258.50 Buug95927263.50 Quote

07-19-2024, 09:02 AM	#12
spazzyfry123 Colonel 6711 Rep 2,222 Posts Drives: Here and There Join Date: Jul 2013 Location: North Georgia Mountains iTrader: (1) Garage List LMB BMW E90M Stripper [10.00] 80 Series Toyota La ... [8.33] 200 Series Toyota L ... [10.00] JB BMW E90M Stripper [10.00] 11th Gen Ford F-150 [10.00]	Things aren’t so great here on the healthcare side of the fence…
	Appreciate 2 vreihen1625454.50 BMWGUYinCO4479.50 Quote

07-19-2024, 09:42 AM	#14
Artemis Moderator 38418 Rep 13,958 Posts Drives: BMW M2C - BMW X1 Join Date: Jun 2011 Location: Belgium iTrader: (0)	https://www.crowdstrike.com/blog/sta...sensor-update/ __________________ ///M is art ↔ Artemis
	Appreciate 2 vreihen1625454.50 BMWGUYinCO4479.50 Quote

07-19-2024, 12:16 PM	#16
Artemis Moderator 38418 Rep 13,958 Posts Drives: BMW M2C - BMW X1 Join Date: Jun 2011 Location: Belgium iTrader: (0)	(source: https://www.telegraph.co.uk/business...stralia-world/) Newark, USA earlier today: __________________ ///M is art ↔ Artemis
	Appreciate 3 JMcLellan3149.50 vreihen1625454.50 RickFLM412445.00 Quote