CrowdStrike update crashes Windows systems, causes outages worldwide

A recent update to CrowdStrike Falcon caused significant disruptions globally by crashing Windows systems. The update's faulty component led to numerous systems encountering boot loops or the Blue Screen of Death (BSOD).

The affected systems include critical infrastructure such as businesses, hospitals, and emergency services. CrowdStrike pinpointed a specific Channel File as the issue and issued a workaround involving the deletion of this file. Despite this, major disruptions were reported worldwide, including at airports and emergency services. CrowdStrike's CEO confirmed the problem and promised continued support to affected customers​.

Identifying the Culprit and Addressing the Issue:

CrowdStrike swiftly identified the root cause of the widespread outages as a faulty Channel File within the update. To mitigate the issue, the company issued a workaround involving the manual deletion of this specific file. This solution has successfully restored functionality to many affected systems.

Impact and Response:

Despite the workaround, major disruptions were reported worldwide, impacting a range of industries. Several airports experienced delays and disruptions to their operations, with some reporting system malfunctions that affected boarding passes and flight scheduling. Emergency services also reported outages, raising concerns about potential delays in critical responses.

Workaround Steps for Affected Users:

For those experiencing system crashes due to the faulty update, CrowdStrike provides the following workaround steps:

1. Boot Windows into Safe Mode or the Windows Recovery Environment: This can be done by pressing F8 repeatedly during startup or by using the advanced startup options in the Windows settings.
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory: This directory contains the CrowdStrike Falcon driver files.
3. Locate the file matching “C-00000291.sys”, and delete it.* This file is the faulty Channel File that is causing the system crashes.
4. Boot the host normally: After deleting the faulty file, restart your system and it should boot normally. CrowdStrike's Response:

In a statement, CrowdStrike CEO acknowledged the issue and apologized for the inconvenience caused. The company has been actively working to address the problem and has assured affected customers of their full support.

A Call for Vigilance:

This incident serves as a stark reminder of the potential impact of software updates on critical infrastructure. While updates are crucial for security and performance improvements, proper testing and rigorous quality assurance are essential to prevent widespread disruptions.

Moving Forward:

While the immediate crisis appears to be under control, this incident highlights the need for robust incident response plans and proactive risk management strategies within organizations.

Key Takeaways:

• Software updates, while essential, can sometimes introduce unforeseen vulnerabilities.
• Thorough testing and quality assurance are vital to prevent widespread outages.
• Organizations must have well-defined incident response plans to minimize disruptions in the event of a software-related incident.
• The importance of reliable cybersecurity solutions and proactive security practices cannot be overstated. NewPush will continue to monitor this situation and provide updates as they become available.

 

Bleeping Computer 07/19/2024