Posted on 07/19/2024 1:10:25 AM PDT by ifinnegan
Falcon Sensor putting hosts into deathloop - but there's a workaround
Simon Sharwood, Fri 19 Jul 2024 // 06:46 UTC, UPDATED
An update to a product from infosec vendor CrowdStrike is bricking computers running Windows.
The Register has found numerous accounts of Windows 10 PCs crashing, displaying the Blue Screen of Death, then being unable to reboot.
“We're seeing BSOD Org wide that are being caused by csagent.sys, and it's taking down critical services. I'll open a ticket, but this is a big deal,” wrote one user.
Forums report that Crowdstrike has issued an advisory with a URL that includes the text "Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19" – but it's behind a regwall that only customers can access.
I got paged yesterday evening, late last night, and at 4AM this morning. Our issues were Azure authentication based yesterday (unrelated to Office365), but I don’t know yet about this morning.
I completely get why people might get the two conflated, and they actually might be related. For all we know, Microsoft Azure uses Crowdstrike and did updates in a flawed way with inadequately tested software. Normally, I would assume you would have a redundant system, take one offline, upgrade it, see if it works, then put it back online and take another node offline and do that one, but if you told me they did them all at the same time in a critical place, I might post the “This is my surprised face” graphic.
My specialty at this point in my career is testing our software for upgrades. I am involved in one regimen where I have been working on it for two months and my test plan involves 1500 discrete steps, and I take that care because if a physician's care is delayed to a patient having a stroke because of some unanticipated flaw that I introduced in my software in an upgrade, even a small delay for that patient can mean the difference for them between having few or no symptoms going forward, or being bedridden, unable to move for the rest of their life, or...being dead.
And that patient might be my loved ones, friends, or...me. But for me, even if it is a complete stranger, that is enough.
So, I take it damned seriously. But if the people being hired to perform these tasks (such as Microsoft may do) are from some third world country who may or may not see things the same way I do, then who knows what or how they might test.
Value systems and culture count. They aren’t meaningless. And I can’t guarantee those people will see these kinds of things the same way I or a fellow American might.
This kind of thing counts.
I'm sure the bad guys aren't taking notes.
This wasn’t a laughing matter.
I’m glad you’re back online.
Crowdstrike has some ‘splaining to do.
Was working at Duke in the ER when internet and local network went down.
It was turn your clock back to 1880.
Could not chart, write orders, see labs or X-rays, pull up patients or records.
Even phone and paging system went down. Nothing worked. Nothing.
We could write paper notes but that was basically it. Lab and Xray could not operate their equipment.
Sat there for 4 hours twiddling our thumbs while patients piled up in the waiting room.
Now, if we could only zap every cell phone.
Step one - turn off ALL automatic updates on all machines.
This isn’t the first time some rollout of an update has caused major issues. Our IT won’t even roll out an update until it’s been vetted on a test server isolated from corporate and isolated from the operations network servers.
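The rolling, one-node-at-a-time upgrade with a test-and-verify step that posters above describe, written out as an added example (not code from the thread, from CrowdStrike or from any vendor). Hosts, ring sizes and the health check are constructed stand-ins: a "bad" update leaves a host unable to boot, and the rollout halts as soon as the first ring fails so the rest of the fleet never receives it.

```python
"""Ring-based rollout with halt-on-failure (constructed illustration)."""
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Host:
    name: str
    version: str
    boots_ok: bool = True   # constructed: does the host come back after the update?

@dataclass
class RolloutResult:
    updated: List[str] = field(default_factory=list)
    failed: List[str] = field(default_factory=list)
    halted_at_ring: Optional[int] = None   # ring index where the rollout stopped

def apply_update(host: Host, new_version: str, bad_update: bool) -> None:
    """Simulate pushing an update; a bad update leaves the host unbootable."""
    host.version = new_version
    if bad_update:
        host.boots_ok = False

def health_check(host: Host) -> bool:
    """Stand-in for 'did the node come back up and answer after the update?'"""
    return host.boots_ok

def rollback(host: Host, old_version: str) -> None:
    """Restore the previous version so the node is serviceable again."""
    host.version = old_version
    host.boots_ok = True

def staged_rollout(hosts: List[Host], new_version: str, ring_sizes: List[int],
                   bad_update: bool = False, max_failures: int = 0) -> RolloutResult:
    """Update the fleet ring by ring (canary first); stop once failures exceed max_failures."""
    result = RolloutResult()
    start = 0
    for ring_no, size in enumerate(ring_sizes):
        ring = hosts[start:start + size]
        start += size
        for host in ring:
            previous = host.version
            apply_update(host, new_version, bad_update)
            if health_check(host):
                result.updated.append(host.name)
            else:
                rollback(host, previous)          # bring the node back before moving on
                result.failed.append(host.name)
        if len(result.failed) > max_failures:
            result.halted_at_ring = ring_no       # never touch the remaining rings
            break
    return result
```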
Crowdstrike, eh? Where have I heard that name before.....
"The DNS server is not responding"
On Wednesday, my computer quickly self-repaired.
On Thursday, it crashed again for ALL major websites - Google, Drudge, Wiki, etc.
But, Free Republic did not crash!
I closed my Edge browser, rebooted Edge, and I still could link to Free Republic, but no other websites.
I rebooted the whole computer, and presto - everything worked perfectly.
First time I have ever seen that problem.
It hit more computers than mine, because both times I came back up, my computer had instantaneous speed, which means the issue knocked thousands of computers off my network.
This happens all the time to IT teams. Windows updates are notorious for breaking things.
Many times you’re left assessing the risk of not updating because there are critical security fixes but you need certainty. For example, the RNC. You’ve planned a convention for months and have systems and WiFi all set up for your event and voilà, a critical Windows security update lands on your desk the day the convention opens. Oftentimes, these updates have dependencies on other components in your system so you end up updating application software too.
Anyone want an mRNA code update from Bill Gates?
Wait until election night
When given the choice a few years back, I went with Carbon Black and not CrowdStrike. I actually slept that night; can’t say others in the company were able to.
I was cranky. I was with company last night and got paged, had to leave them all there while I logged in via laptop.
Didn’t get to bed until after 1 AM, then got paged at 4 AM, damned groggy and irritable. Not a young man anymore.
I was told there was a global outage of Epic Electronic Medical Records by someone on my team (don’t know if that was true) so I logged onto FR to see what news there was, and saw that post about it being funny, and jumped down that guy’s throat.
He didn’t deserve that. I was just groggy and irritable.
I couldn’t access my computer- workaround doesn’t seem to work for some. What a MESS.
Thanks:
Similarly:
Amazing to me that installed software can dork your whole machine. Sounds like a Windows design flaw to me.
Paging Dayglo Red to the ER...
Regular software can’t do that, but anti-virus software needs extra access.
MSFT uses Crowd Strike security software.
A Crowd Strike update crashed parts of MSFT Azure - their Cloud software - and parts of Windows 365 - a suite of MSFT software applications.
I use Azure and 365, and both of them briefly (minutes) crashed on Wednesday and Thursday.
Why aren’t there lower level layers in the Windows operating system that nothing but the operating system can access?
I did the same early this morning, around 3:30. FR was the only thing I could access. I rebooted and everything seems fine. I can’t find a Crowdstrike folder anywhere.
Question 2: why aren’t there safeguards running in protected lower levels of Windows that protect against this?