Threat Intelligence: Global IT Outage Due to Faulty CrowdStrike EDR Update - D1 Defend

Threat Intelligence: Global IT Outage Due to Faulty CrowdStrike EDR Update

July 19, 2024

Over the past 10-12 hours, a significant IT outage has impacted systems worldwide. The source of this disruption is a faulty update from CrowdStrike’s EDR, specifically affecting Windows systems. This emergency briefing will provide you with critical information, immediate actions to mitigate the issue, and guidance on how to protect your systems and communicate with your partners effectively.

What Happened?

A recent update to CrowdStrike’s Falcon Sensor has caused Windows systems to crash with a Blue Screen of Death (BSOD), often resulting in an infinite boot loop. This update has only impacted Windows hosts; Mac and Linux systems remain unaffected. The ripple effects of this outage are extensive, affecting airlines, banks, telecoms, medical services, and other critical infrastructure sectors.

Key Points

  • Issue: Major global IT outages due to a faulty CrowdStrike update.
  • Severity: Critical availability issue.
  • Affected Systems: Windows hosts only.
  • Security Status: CrowdStrike confirms that all customers remain fully protected.
  • Scam Alert: Be aware of opportunistic threat actors impersonating CrowdStrike support. Ensure contact is made directly with legitimate CrowdStrike representatives.

Immediate Actions

  1. Contact CrowdStrike Support:
    • If you or your clients are affected, reach out to CrowdStrike immediately. They have teams on standby to assist.
  2. Access Remediation Details:
    • CrowdStrike is hosting remediation details in a Tech Alert on their cloud portal. (A CrowdStrike account may be required to access the most updated guidance.)
  3. Temporary Workaround:
    • Boot Windows into Safe Mode in the Windows Recovery Environment.
    • Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
    • Locate the file matching “C-00000291*.sys” and delete it.
    • Boot the host normally.
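The workaround above is a manual procedure. The script below is an added example written for this briefing (it is not D1 Defend's or CrowdStrike's own tooling) that performs the same steps from an elevated PowerShell prompt after the host has been booted into Safe Mode or the Windows Recovery Environment: it looks only for the file pattern the workaround names (C-00000291*.sys) inside the CrowdStrike driver directory, records each match's size, timestamp and SHA-256 hash for the incident record, and then deletes it, honouring -WhatIf and -Confirm. The script name and the $SystemDrive parameter are assumptions; the parameter exists because the OS volume is frequently mounted under a letter other than C: when you are inside WinRE, so check the drive letter with Get-PSDrive first.

```powershell
<#
  Added example for this advisory (not D1 Defend's or CrowdStrike's own tooling).
  Removes the faulty channel file named in the workaround (C-00000291*.sys)
  from the CrowdStrike driver directory, recording each file's hash before
  deletion so the incident record shows exactly what was removed.

  Assumptions (labelled; not stated in the advisory):
    - Run from an elevated PowerShell prompt in Safe Mode or in WinRE.
    - $SystemDrive is the drive letter of the affected OS volume. In WinRE the
      OS volume is often not C:, so verify it with Get-PSDrive before running.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SystemDrive = 'C:'
)

$driverDir = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
$pattern   = 'C-00000291*.sys'   # file-name pattern given in the workaround

if (-not (Test-Path -LiteralPath $driverDir -PathType Container)) {
    throw "Directory not found: $driverDir. Verify the OS volume's drive letter (it may not be C: in WinRE)."
}

# Only the channel file matching the pattern is targeted; the rest of the
# sensor installation is left untouched.
$channelFiles = @(Get-ChildItem -LiteralPath $driverDir -Filter $pattern -File)

if ($channelFiles.Count -eq 0) {
    Write-Warning "No file matching $pattern in $driverDir. The host may already be remediated, or the drive letter is wrong."
    return
}

foreach ($file in $channelFiles) {
    # Capture evidence before removal: path, size, timestamp and SHA-256.
    $record = [PSCustomObject]@{
        Path         = $file.FullName
        SizeBytes    = $file.Length
        LastWriteUtc = $file.LastWriteTimeUtc.ToString('o')
        Sha256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        Deleted      = $false
    }

    # -WhatIf and -Confirm are honoured through ShouldProcess.
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete faulty channel file')) {
        Remove-Item -LiteralPath $file.FullName -Force
        $record.Deleted = $true
    }

    # Emit the record to the pipeline so it can be piped to Export-Csv.
    $record
}
```

Preview first with `.\Remove-FaultyChannelFile.ps1 -SystemDrive D: -WhatIf` (the script name is hypothetical), then rerun without -WhatIf and pipe the output to Export-Csv to keep the removal evidence with the incident ticket. On BitLocker-protected hosts, entering Safe Mode or WinRE prompts for the recovery key, so retrieve it from your key escrow (for example Active Directory or Entra ID) before starting.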

Communication with Partners

Inform your partners that this outage may cause certain key services or vendors to malfunction. Provide them with the link to the proper CrowdStrike patches and encourage them to contact CrowdStrike support if they are affected.

Final Thoughts

While this incident has caused significant disruptions, it is currently believed to be due to a faulty update rather than a global cyber-attack. Stay vigilant against potential scams and ensure that all communications and actions are verified through legitimate CrowdStrike channels.

As always, we remain dedicated to your security and will continue to provide updates as more information becomes available.

Contact Us Today!

Related Articles

Find More Articles

Schedule a Call