NOTES

CrowdStrike CyberSecurity Platform Kills the Internet

Alternate Title: When Security Systems Cause Security Incidents

By Paul DiMaggio | July 19, 2024 | 1 min read

Summary

CrowdStrike is a cybersecurity company specializing in endpoint protection, threat intelligence, and cyberattack response services. A bad “update” to the CrowdStrike Falcon sensor didn’t play nice with Windows operating systems and caused them to BSOD (blue screen of death).

Breakdown

  • The issue impacted various sectors, including airports, banks, and government services.
  • The problem was first reported on the CrowdStrike subreddit (https://reddit.com/r/crowdstrike/comments/1e6vmkf/bsod_error_in_latest_crowdstrike_update/) on July 18th, 2024.
  • “Fix” that allows Windows to boot: Boot to Safe Mode or WinRE → launch cmd → del "C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys" → Reboot
  • Note that the above “fix” also disables CrowdStrike endpoint protection services

Quotes

  • "Everyone saying hey it's stuck in a boot loop it won't be able to get past the blue screen of death."
  • "This is affecting us on a Friday and it's taken out an airport or a bank or whatever state municipality government 911 things."
  • "It's wild to see maybe a good portion of the internet just sort of choke and fall over thanks to this."
  • "Supermarkets going cash only in Sydney now."
  • "It is going to take real people to actually solve the problem and fix it."

Recommendations for Businesses

  • Maintain backups and contingency plans for critical systems to mitigate disruptions.
  • Stay informed about cybersecurity best practices and emerging threats.
  • Collaborate with industry peers to share knowledge and solutions during crises.
  • Regularly monitor software updates for potential issues before widespread deployment.
  • Engage with online communities for real-time problem-solving during technical outages.

References

  • CrowdStrike subreddit
  • Twitter/X
  • Reddit thread by @Cyfi10 (Twitter/X handle)
  • Reporting by @troyhunt (Twitter/X handle)
  • Down Detector (https://downdetector.com)