
CrowdStrike..and out!



The US enterprise infosec firm CrowdStrike has admitted responsibility for pushing a bad software update that has bricked millions of Windows PC computers around the world, causing chaos at airports, medical facilities, and banking firms on an unprecedented scale. In the UK the Sky television network was taken off the air for a while because of this IT failure, and London taxi drivers say they have been unable to process card payments, and are having to work on a cash only basis.

https://www.bbc.co.uk/news/articles/cp4wnrxqlewo

Sources at CrowdStrike say that a bad channel content update to a driver in their Falcon sensor software system appears to be the cause of the problem. The software is supposed to identify and mitigate potential cyber security threats on enterprise level computer network systems, but the malformed update achieved its apotheosis by deciding that the Microsoft Windows 10 itself was a dangerous virus - resulting in a BSOD boot-loop.

https://www.theregister.com/2024/07/19/crowdstrike_falcon_sensor_bsod_incident/

CrowdStrike have around 24,000 enterprise customers worldwide, but many of these are large corporations with global networks of their own, so the consequences of this software error are quite enormous. The coding issue has been identified, but the problem is that while some affected computer systems can apparently be reset by rebooting a machine up to 15 times in a row, other systems will need to be fixed by rebooting each one in safe mode, and carrying out a directory search to locate and delete the damaged system file.

https://en.wikipedia.org/wiki/2024_CrowdStrike_incident

Going to be a busy weekend if you are an IT tech.

Edited by toucana
removed duplicate 'of' in para 3

1 hour ago, toucana said:

The US enterprise infosec firm CrowdStrike has admitted responsibility for pushing a bad software update that has bricked millions of Windows PC computers around the world, causing chaos at airports, medical facilities, and banking firms on an unprecedented scale. In the UK the Sky television network was taken off the air for a while because of this IT failure, and London taxi drivers say they have been unable to process card payments, and are having to work on a cash only basis.

https://www.bbc.co.uk/news/articles/cp4wnrxqlewo

Sources at CrowdStrike say that a bad channel content update to a driver in their Falcon sensor software system appears to be the cause of the problem. The software is supposed to identify and mitigate potential cyber security threats on enterprise level computer network systems, but the malformed update achieved its apotheosis by deciding that the Microsoft Windows 10 itself was a dangerous virus - resulting in a BSOD boot-loop.

https://www.theregister.com/2024/07/19/crowdstrike_falcon_sensor_bsod_incident/

CrowdStrike have around 24,000 enterprise customers worldwide, but many of these are large corporations with global networks of their own, so the consequences of this software error are quite enormous. The coding issue has been identified, but the problem is that while some affected computer systems can apparently be reset by rebooting a machine up to 15 times in a row, other systems will need to be fixed by rebooting each one in safe mode, and carrying out a directory search to locate and delete the damaged system file.

https://en.wikipedia.org/wiki/2024_CrowdStrike_incident

Going to be a busy weekend if you are an IT tech.

Crowdstrike certainly seems like nominative determinism. 


The fix is ultra easy and does not require the presence of an administrator as long as the BIOS is not password-protected, PXE is not used, the system drive is not password encrypted, and booting from USB is enabled.

Download a Linux Live pendrive, e.g. Kali Linux Live, save it to a flash drive, boot from the flash drive on the target machine, mount the Windows system partition, rename the folder C:\Windows\System32\Drivers\Crowdstrike and reboot the system.

Administrator privileges are not needed, just Linux Live on a flash drive. You can hack into any Windows or Linux this way, as long as you have physical access to it.

Edited by Sensei
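
The encryption precondition and the rename step from the post above, as an added example that is not part of the original post and not CrowdStrike tooling. It assumes the Windows volume is already mounted at a mount point you pass in; the function names and the `.disabled` suffix are hypothetical.

```shell
#!/bin/sh
# Added example. Call from a live session as:
#   disable_driver_dir <device-or-image> <mountpoint>

# Classify a volume by the 8-byte OEM ID at offset 3 of its first sector:
# "NTFS    " is plain NTFS, "-FVE-FS-" is a BitLocker-encrypted volume.
vol_kind() {
    local sig
    sig=$(dd if="$1" bs=1 skip=3 count=8 2>/dev/null | tr -d '\0')
    case "$sig" in
        "NTFS    ") echo ntfs ;;
        "-FVE-FS-") echo bitlocker ;;
        *)          echo unknown ;;
    esac
}

# Walk a Windows-style path under a mount point one component at a time,
# matching case-insensitively, because the on-disk casing may differ from
# the path as written in the post.
resolve_ci() {
    local cur part next
    cur="$1"
    shift
    for part in "$@"; do
        next=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$part" -print -quit)
        [ -n "$next" ] || return 1
        cur="$next"
    done
    printf '%s\n' "$cur"
}

# Rename the driver folder named in the post. Refuses anything that is not
# plain NTFS: an encrypted volume has to be unlocked with its recovery key
# first, which is why disk encryption blocks this offline procedure.
disable_driver_dir() {
    local kind dir
    kind=$(vol_kind "$1")
    if [ "$kind" != ntfs ]; then
        echo "refusing: volume type is '$kind'" >&2
        return 2
    fi
    dir=$(resolve_ci "$2" Windows System32 drivers CrowdStrike) || {
        echo "driver folder not found under $2" >&2; return 1; }
    mv -- "$dir" "$dir.disabled" && printf '%s\n' "$dir.disabled"
}
```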