Global Microsoft outage hits due to CrowdStrike Update Definitions

[erek]

… and hits hard too!

“

• Global outages: Tech disruptions worldwide have hit airlines, banks and businesses, which are scrambling to respond.
• What’s behind this? The outages appear to stem at least partly from a software update for Microsoft Windows operating systems issued by cybersecurity firm CrowdStrike, experts tell CNN.
• Fix deployed, but impacts remain:CrowdStrike’s CEO said that a fix has been deployed. And Microsoft said the “underlying cause” has been fixed, but that the outages are still affecting some services.
• What has been affected: Major US carriers, including Delta, United and American Airlines, have had flights grounded, and airlines in Europe and Asia-Pacific region have also seen disruptions. Banks in Australia, New Zealand, South Africa and Britain have been impacted, as have health services in Israel and the UK.”

Source: https://www.cnn.com/business/live-news/global-outage-intl-hnk/index.html

 

[erek]

Who else is up fixing Windows BSOD after the CrowdStrike SNAFU???

• fowlrock

Replies 11
9 minutes ago

 

[emphy]

Given that this seems to stem from security software, I'll venture to guess that the cause will turn out to be a problem in kernel-privileged drivers installed by said software.

 

[Newbie_52]

The disadvantage of always being connected & updated...

 

[zehoo]

I turned up to work and the doors are shut to the public due to this ;-).

Whatever happened to testing server updates before deploying them?

 

[kalston]

Given that this seems to stem from security software, I'll venture to guess that the cause will turn out to be a problem in kernel-privileged drivers installed by said software.

Yes it's a Crowdstrike kernel driver. They decided to not test it (given how much it's failing, it feels that way) and release it on a Friday/Thursday (timezones..). Masterstroke.

 

[jlbenedict]

What a f'ing nightmare this morning and still ongoing

 

[Comixbooks]

 

[AceGoober]

Cloudstrike error is why my pay deposit hasn't hit yet. Bastards.

 

[erek]

Cloudstrike error is why my pay deposit hasn't hit yet. Bastards.

sad

 

[erek]

 

[sleepeeg3]

The disadvantage of always being connected & updated...

Bingo. Linux FTW.

 

[cjcox]

The only way to be 100% secure is to turn it all off.

Crowdstrike: Hold my beer...

 

[Zarathustra[H]]

...and of course Crowdstrike pushed this update out on a Friday...

 

[cageymaru]

My buddy has been complaining all day. I'm like what are you talking about; everything works fine!

I'm running Linux on my main rig and a Steam Deck as a backup gaming device.

Memes on Twitter.
https://x.com/search?q=MacOS&src=trend_click&vertical=trends

 

[toast0]

Bingo. Linux FTW.

There's reports of Cloudstrike borking Linux systems earlier this year; although that was apparently not all Linux systems.

 

[cjcox]

My management drinks full Microsoft Kool-Aid, but we don't use Crowdstrike. My fear is that after the big M365/Azure outage, they'll say, "Wait a minute, Microsoft uses Crowdstrike and we don't? Gotta fix that next year."

 

[pendragon1]

linux linux linux blah blah blah
every fucking time...


am i understanding this correctly that is a software issue, not a windows issues? if youre not using crowdstrike youre good?

 

[Zarathustra[H]]

The bad update has been pulled by Crowdstrike.

Apparently the fix is to boot the machines in safe mode and remove a sys file from the crowdstrike folder.

I imagine some poor windows admin right now like "I have to safe mode boot...500 systems?"

 

[pendragon1]

I imagine some poor windows admin right now like "I have to safe mode boot...500 systems?"

we even got a thread of those poor souls...
https://hardforum.com/threads/who-e...wdstrike-snafu.2035974/page-2#post-1045919607

 

[JavaLava]

The bad update has been pulled by Crowdstrike.

Apparently the fix is to boot the machines in safe mode and remove a sys file from the crowdstrike folder.

I imagine some poor windows admin right now like "I have to safe mode boot...500 systems?"

I am sure there are orgs out there with way more then 500.

AWS EC2 admins have it worse in my opinion...one of my criticisms about EC2 is them not giving "console" access to the EC2 VM's and you can only RDP. Its a nightmare for the whole "clone your EBS volume, mount it to another machine that works, clear the file, unmount, etc" procedure.

 

[AlphaQup]

The fix just so it's in plain-text here:

1) boot to safe mode, login as ADM
2) C:\Windows\System32\drivers\CrowdStrike\C-00000291* Delete this file.
3) Reboot

Personally, I'm making the rounds on about 200 of our VM's.... pouring one out tonight whenever I get off work for sure!

 

[jlbenedict]

The bad update has been pulled by Crowdstrike.

Apparently the fix is to boot the machines in safe mode and remove a sys file from the crowdstrike folder.

I imagine some poor windows admin right now like "I have to safe mode boot...500 systems?"

Got called this morning around 7 to hop on a conference bridge to do just that .. fun times..

Apparently there is some sort of script/workaround.. involving putting a group policy in place to set safemode via bcdedit.. and remove the file..
then reverse the bcdedit settings..

 

[erek]

we even got a thread of those poor souls...
https://hardforum.com/threads/who-e...wdstrike-snafu.2035974/page-2#post-1045919607

i already linked to that thread though,

https://hardforum.com/threads/global-microsoft-outage-hits.2035975/post-1045919407

 

[erek]

The fix just so it's in plain-text here:

1) boot to safe mode, login as ADM
2) C:\Windows\System32\drivers\CrowdStrike\C-00000291* Delete this file.
3) Reboot

Personally, I'm making the rounds on about 200 of our VM's.... pouring one out tonight whenever I get off work for sure!

The official fix statement,

"To Fix CrowdStrike Blue Screen of Death Simply Reboot 15 Straight Times, Microsoft Says"

 

[jlbenedict]

The official fix statement,

"To Fix CrowdStrike Blue Screen of Death Simply Reboot 15 Straight Times, Microsoft Says"

That is for Azure VM's...
YES... we are dealing with this fiasco also.... no console access to a Windows VM in the cloud.... ugh... fun times

 

[pendragon1]

i already linked to that thread though,

https://hardforum.com/threads/global-microsoft-outage-hits.2035975/post-1045919407

i know, i think someone missed it.

 

[pendragon1]

The official fix statement,

"To Fix CrowdStrike Blue Screen of Death Simply Reboot 15 Straight Times, Microsoft Says"

 

[jlbenedict]

here was the GPO workaround

View: https://gist.github.com/whichbuffer/7830c73711589dcf9e7a5217797ca617

 

[polonyc2]

i already linked to that thread though,

https://hardforum.com/threads/global-microsoft-outage-hits.2035975/post-1045919407

that part of the forum is only for paid subscribers...don't worry about it...that pendragon guy is obsessed with telling people to post in other threads...he's not a Mod or Admin...it's perfectly fine to post in the News section...I don't think he understands what a News section is...everything could theoretically be posted in another section but that's why it's called 'News'

 

[pendragon1]

that part of the forum is only for paid subscribers...don't worry about it...that pendragon guy is obsessed with telling people to post in other threads...he's not a Mod or Admin...it's perfectly fine to post in the News section...I don't think he understands what a News section is...everything could theoretically be posted in another section but that's why it's called 'News'

thats not even whats going on here but reeeeeee some more.

 

[erek]

that part of the forum is only for paid subscribers...don't worry about it...that pendragon guy is obsessed with telling people to post in other threads...he's not a Mod or Admin...it's perfectly fine to post in the News section...I don't think he understands what a News section is...everything could theoretically be posted in another section but that's why it's called 'News'

he might soon be a mod or admin, so worry about it

.. i think

 

[polonyc2]

he might soon be a mod or admin, so worry about it

.. i think

lol...I think it's his dream but not reality

 

[pendragon1]

he might soon be a mod or admin, so worry about it

.. i think

will never happen, kyle says he cant hire canuckistanis.

lol...I think it's his dream but not reality

you keep making assumptions and getting personal. you should probably knock it off...

 

[erek]

 

[FlawleZ]

I'm in Cozumel and a couple hours away from flying back to San Antonio. So far my Southwest flight isn't delayed.

 

[AceGoober]

The official fix statement,

"To Fix CrowdStrike Blue Screen of Death Simply Reboot 15 Straight Times, Microsoft Says"

 

[LukeTbk]

I naively vastly underestimated how much windows system there still was when you are not forced in any way to use it (maybe where the naivety come from), one would have thought in 2024 that big airlines chain terminal, hostel and so on where not Windows anymore..., maybe I underestimate how good Windows is for that kind of stuff...

 

[erek]

Apparently the update was pushed by a first day new hire at CrowdStrike

 

[SPARTAN VI]

Production alert went out for my company, one of the largest banks in the US. Unfortunately it's having zero direct impact to my operations, but I assume it's going to be a slower day because my customers are impacted outside of my product/application and wont be bothering me today.