DespeRATes
Posted on 07/19/2024 1:10:25 AM PDT by ifinnegan
Falcon Sensor putting hosts into deathloop - but there's a workaround icon Simon Sharwood Fri 19 Jul 2024 // 06:46 UTC UPDATED An update to a product from infosec vendor CrowdStrike is bricking computers running Windows.
The Register has found numerous accounts of Windows 10 PCs crashing, displaying the Blue Screen of Death, then being unable to reboot.
“We're seeing BSOD Org wide that are being caused by csagent.sys, and it's taking down critical services. I'll open a ticket, but this is a big deal,” wrote one user.
Forums report that Crowdstrike has issued an advisory with a URL that includes the text "Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19" – but it's behind a regwall that only customers can access.
Saw that- thanks! So far it seems the fix will have to be done on individual computers. Uggh..
https://www.theverge.com/2024/7/19/24201717/windows-bsod-crowdstrike-outage-issue
Thousands of Windows machines are experiencing a Blue Screen of Death (BSOD) issue at boot today, impacting banks, airlines, TV broadcasters, supermarkets, and many more businesses worldwide. A faulty update from cybersecurity provider CrowdStrike is knocking affected PCs and servers offline, forcing them into a recovery boot loop so machines can’t start properly. CrowdStrike is widely used by many businesses worldwide for managing the security of Windows PCs and servers.
We use Epic too. Thanks, these scenarios keep me up at night sometimes.
I’m doing overnight outpatient pediatric nursing and our online patient reporting software went down around 2:30 am and is still down. What a screw up.
Assuming this fix works, unless this process can be automated, would you trust the average end user in corporate American being able to complete this task successfully.
Even if end users can complete this fix successfully, how long will it take to complete this process on millions of computers worldwide.
Regardless, it will take a while to get everything back up.
I spent 38 years in IT support, I’ve seen some major screwups that took down large portions of major networks, this is either a major screwup or a massive cyber-attack, personally I don’t believe in coincidences.
Yup.
This is going to be fun to watch.
My site got the update at 12:44am, and what it did to us was “page fault in nonpaged area csagent.sys”
Then the infinite boot loop began.
Corporate IT was like “just open this link and do this” and they lost it when told “yeah, we can’t get it to boot up to the login screen, and even if it does we don’t have bitlocker access to do anything with it “.
We can’t get to Azure because IT’S down and even if we could we don’t have access to THAT!
Yep, my team is applying that fix now... just grabbed some caffeine... it’s gonna be a day....
After 38 years in IT support, whenever I witnessed a major screw up that took down major systems, when I knew I had nothing to do with the screw up, I enjoyed watching others especially management lose their sh^t and watched a lot of them completely melt down.
We are nearly wholly back online now.
I work in Radiology Informatics, and we were reverting to paper printed Radiology requisitions when things came back online
Good luck.
Dreadfully sorry for that.
I’m just the end user that knows enough to be troublesome.
I tried to poke the computer a bit in my dungeon, but our onsite IT is obviously a bunch of dragons as they have hoarded everything useful under their control.
Whole site down and unproductive from 1244am forward...
Calls for extra coffee light and sweet but double brewed.
I’m in the healthcare space as well... I know our faculties have been on paper for while...
Being slightly smarter than the average bear end user, I liked watching the guys lose it as everything cascaded and tricks they used failed.
What something like this exposes is those IT professionals that have common sense and can work under pressure and those who are in management positions who got there without real knowledge of what’s going on and are really incapable of doing their jobs in the real world.
Following
Our onsite IT hoards access and knowledge so that certain simple things that end users could possibly do to get production moving again are impossible without their fiat.
So we often end up with lost productivity because we end up waiting for them to deign to fix it IF they even get to it.
But you know who will be yelled at for the loss of time.
I’m glad I’m not G6 help desk anymore, not since I ets’d.
From what I understand the update was initially published at 10:20 pm, and triggered for us at 12:44am eastern.
Interesting.
Took out our onsite camera system first, then production systems just keeked over and turned French.
Seems the Azure issue preceded the Crowdstrike problem.
—
CrowdStrike, not Microsoft
Early reporting from national media organizations misattributed the IT issues to Microsoft, which itself battled its own outage hours earlier on its Azure cloud platform, but this appears unrelated to the underlying problem causing the widespread IT issues across the world.
This particular Azure issue was affecting Microsoft 365 subscription services but was already resolved by the time disruption scuppered global systems.
Microsoft found the time to respond to us briefly today, but continued to ignore our repeated requests for an explanation over allegations that it failed to properly notify customers of a Russia-attributed data breach.
A spokesperson said: “We’re aware of an issue affecting Windows devices due to an update from a third-party software platform. We anticipate a resolution is forthcoming.” ®
https://www.theregister.com/2024/07/19/crowdstrike_shares_sink_as_global/
The timing is too coincidental what with the assassination attempt and biden “catching” Covid.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.