In this article, we discuss the global outage of 19 July 2024 that crashed Microsoft Windows 10, Windows 11 and Windows Server machines around the world.
CrowdStrike Falcon update
This crash was not caused by Windows itself; it was triggered by CrowdStrike Falcon, an endpoint detection and response (EDR) product. At 04:09 UTC on 19 July 2024, CrowdStrike published a content update for the Falcon sensor on Windows. Machines that downloaded it crashed to a Blue Screen of Death (BSOD) and, in most cases, rebooted straight back into the same crash, leaving them offline and inaccessible until someone intervened at the console.
Industries affected
The impact was not limited to laptops and servers; Windows machines hosted in the cloud were hit too. Across industries, airports stopped functioning: flights were cancelled and passengers were given handwritten boarding passes (at one airport, three out of four departure screens showed the blue screen). Banks, financial institutions and a stock exchange were affected, and many news and media organisations reported failures caused by the same problem.
The impact is significant: every Windows machine running the CrowdStrike Falcon sensor that downloaded the faulty update while it was live (between 04:09 and 05:27 UTC on 19 July) is affected.
Incident Response
Great Learning's cyber security training programme covers incident response, and this outage is exactly the kind of event it is meant for. IT and security professionals need to practise incident response, because recovering a large number of machines that cannot boot, often one at a time at the console, is a real challenge.
Root cause of outages
As mentioned above, the root cause is the latest content update from CrowdStrike Falcon, an EDR product. The faulty file is a "channel file": sensor configuration content that is delivered with a .sys extension into the CrowdStrike driver directory, but is not a Windows driver itself. When the Falcon kernel driver loaded the bad channel file, the driver crashed and took the whole system down with it. CrowdStrike identified the problem and reverted the update at 05:27 UTC, but because EDR and antivirus vendors push content updates that are installed almost immediately on millions of computers worldwide, the damage was done before the revert could help. CrowdStrike has published a workaround.
Solution for Windows
The Computer Emergency Response Team of India (CERT-In) has issued an advisory that mirrors CrowdStrike's workaround. Boot the affected Windows machine into Safe Mode or the Windows Recovery Environment. Navigate to C:\Windows\System32\drivers\CrowdStrike, locate the file(s) matching the pattern C-00000291*.sys (Channel File 291) and delete them. Then restart the machine normally; the sensor fetches the corrected channel file once it can reach CrowdStrike again. Two practical caveats: the steps need local administrator rights, and if the system drive is protected by BitLocker you must have the recovery key to unlock the volume from the recovery environment before the file can be removed.
Cloud solution
If your cloud machines in Microsoft Azure, GCP or AWS are affected, the quickest fix is to roll the instance back to a snapshot or backup taken before 04:09 UTC on 19 July (yesterday's, or one from a few days ago), accepting that any data written to the instance since then is lost. Where that loss is not acceptable, apply the same workaround offline: detach the OS disk from the crashed instance, attach it as a data disk to a working VM, delete the C-00000291*.sys file(s) under Windows\System32\drivers\CrowdStrike on that volume, then reattach the disk and boot the instance.
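The following PowerShell script is an added example and is not tooling from CrowdStrike, CERT-In or the original article. It automates the Windows workaround above and also covers the cloud case, because it takes the drive letter as a parameter: run it with the default C: from Safe Mode or the Recovery Environment on the broken host, or with the letter of the crashed instance's OS disk once that disk is attached to a rescue VM. It lists every Channel File 291 it finds with its UTC timestamp, flags copies whose timestamp falls in the faulty publication window, and deletes them only when run with -Delete. The parameter names, the dry-run default and the timestamp check are this example's own choices; the directory, the file pattern and the 04:09/05:27 UTC times come from CrowdStrike's published guidance.

```powershell
<#
  Added example, not CrowdStrike's or CERT-In's tooling.
  Removes the faulty Falcon Channel File 291 from a Windows volume.
  Run from an elevated PowerShell prompt in Safe Mode/WinRE, or on a rescue VM
  with the crashed machine's OS disk attached (pass its drive letter).
  Requires admin rights; a BitLocker-protected volume must be unlocked first.
#>
param(
    # Drive letter of the volume holding Windows: 'C:' locally, e.g. 'D:' for an attached OS disk
    [string]$SystemDrive = $env:SystemDrive,
    # Without -Delete the script only reports what it would remove (dry run)
    [switch]$Delete
)

# The faulty content update was published at 04:09 UTC and reverted at 05:27 UTC on 19 July 2024.
$badStart = [datetime]::new(2024, 7, 19, 4, 9, 0, [System.DateTimeKind]::Utc)
$badEnd   = [datetime]::new(2024, 7, 19, 5, 27, 0, [System.DateTimeKind]::Utc)

$dir = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
if (-not (Test-Path -LiteralPath $dir)) {
    Write-Host "No $dir on this volume: the Falcon sensor is not installed here, so this is not the CrowdStrike issue."
    return
}

# Channel files carry a .sys extension but are sensor content, not Windows drivers.
$files = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File)
if ($files.Count -eq 0) {
    Write-Host "No Channel File 291 present under $dir; nothing to remove."
    return
}

foreach ($f in $files) {
    $stamp = $f.LastWriteTimeUtc
    $verdict = if ($stamp -ge $badStart -and $stamp -lt $badEnd) {
        'timestamp in the faulty publication window'
    } elseif ($stamp -ge $badEnd) {
        'timestamp after the revert (likely the corrected file; still safe to remove, the sensor re-downloads it)'
    } else {
        'timestamp predates the faulty update'
    }
    Write-Host ('{0}  {1:yyyy-MM-dd HH:mm:ss}Z  {2} bytes  {3}' -f $f.Name, $stamp, $f.Length, $verdict)

    if ($Delete) {
        Remove-Item -LiteralPath $f.FullName -Force
        Write-Host "Deleted $($f.FullName)"
    }
}

if ($Delete) {
    Write-Host 'Reboot normally; the sensor fetches the corrected channel file once it can reach CrowdStrike.'
} else {
    Write-Host 'Dry run only. Re-run with -Delete to remove the file(s) listed above.'
}
```

Save it under any name (for example Remove-ChannelFile291.ps1, a name chosen here) and run it once without arguments to see what it would touch, then again with -Delete; on a rescue VM add -SystemDrive D: (or whichever letter the attached disk received). If the volume is BitLocker-protected, unlock it first with manage-bde -unlock C: -RecoveryPassword followed by the 48-digit recovery key, substituting the right drive letter. Deleting every matching file, including a corrected copy, is deliberate and matches the advisory: the sensor downloads the current channel file again on the next successful boot.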
Learning from this crash
What can we learn from this?
The importance of backups
Firstly, backups are essential for any organisation. Identify your critical assets, back them up at least daily, and test that you can actually restore from those backups; an untested backup is an assumption, not a control.
Incident Response Plan
Second, having an incident response plan is critical. With a plan in place, your teams can follow it in situations like this instead of rushing around: they know exactly what to do and can execute it with precision.
Resilience and contingency planning
Thirdly, an organisation's resilience plan is critical. How do you keep the business running during the world's biggest IT outage, when the machines your staff work on cannot boot? That requires contingency planning done in advance, not during the incident.
Summary
In summary, this issue is caused by the latest CrowdStrike content update being installed on Windows computers. If you do not run CrowdStrike Falcon, there is nothing to worry about. If you do, and your machines are showing the blue screen, follow the steps above to get them back online. Availability is of the utmost importance today.