A huge mistake by cybersecurity company CrowdStrike has caused a global IT outage on a massive scale, with airlines, banks, health services, and more affected – including some 911 centers.
United, Delta, and American Airlines are among the airlines who have been forced to ground flights. Broadcaster Sky News was taken off-air for several hours. Many retailers have been unable to accept payments. In short, it’s chaos out there …
CrowdStrike’s security software is used by a huge number of companies and other organizations, and a faulty update caused Windows PCs around the world to crash and enter a reboot loop, leaving them completely unusable.
The company’s CEO admitted responsibility for the mess, but downplayed its impact (“a defect found in a single content update”) and, notably, completely failed to apologize.
CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted.
This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.
The internet was quick to point out this omission.
To make matters worse, if that is possible, the company put the notice behind a client login – leaving many customers unable to even see it because their work PCs were down, meaning they had no access to the password managers needed to log in.
The severity of the issue, with PCs unable to reboot, means it’s going to take a significant time for affected organizations to fix.
There is a workaround, but that will currently need to be implemented on a PC-by-PC basis.
- Boot Windows into Safe Mode or the Windows Recovery Environment
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
- Locate the file matching “C-00000291*.sys”, and delete it.
- Boot the host normally.
Microsoft also has a potential fix for virtual machines – involving up to 15 reboots!
Using the Azure Portal – attempting ‘Restart’ on affected VMs
Using the Azure CLI or Azure ShellWe’ve received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage.
Macs aren’t affected, but a lot of the services Mac users need to access will be down today.
Screengrab courtesy of Mukul Sharma
FTC: We use income earning auto affiliate links. More.
Comments