Posted on 07/19/2024 1:10:25 AM PDT by ifinnegan
Falcon Sensor putting hosts into deathloop - but there's a workaround
Simon Sharwood
Fri 19 Jul 2024 // 06:46 UTC
UPDATED An update to a product from infosec vendor CrowdStrike is bricking computers running Windows.
The Register has found numerous accounts of Windows 10 PCs crashing, displaying the Blue Screen of Death, then being unable to reboot.
“We're seeing BSOD Org wide that are being caused by csagent.sys, and it's taking down critical services. I'll open a ticket, but this is a big deal,” wrote one user.
Forums report that CrowdStrike has issued an advisory with a URL that includes the text "Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19" – but it's behind a regwall that only customers can access.
Two reasons:
1) CrowdStrike (of Hillary infamy) is a system protection service like McAfee or Norton. Even in a more closed system (think business Windows, not consumer Windows), the agreement with the OS is that certain security providers should be allowed access with the idea that the users/business IT team bought those services to provide better security than the default Windows security built into the OS.
2) There's a lot of personal clash between normal users and IT departments, often from normal users not having the rights to install whatever apps they want, with the IT departments losing the argument to management and giving more users admin rights to break their computers. (Perhaps from my bias you can tell which side of that argument I've heard the most. LOL)
CrowdStrike stock (CRWD) is down almost 12% in After Hours trading.
CRWD was down 3.35% yesterday.
CRWD market cap was around $85 billion at the open on Thursday.
As I write this, it is now below $75 billion.
MSFT is down 1.4% in After Hours. MSFT was down 0.7% yesterday.
“C:\Windows\System32\drivers\CrowdStrike directory”
Don’t have that directory on my work laptop, nothing at work seems to be down. I am fairly sure we do not push out bleeding edge updates.
I have a company laptop that I KNOW has CrowdStrike stuff on it. I’ll be leaving it turned off. Might even block it from my router for now.
Then again, it might be fun to “brick” it by letting the update, assuming it’s still out there, take place. Getting even with “the man”. Who knows - maybe it did so already anyway.
Seriously, not taking a chance. I’m off today so no real need to log in anyway.
As far as I know, CrowdStrike protects Microsoft internal systems.
As far as I know, CrowdStrike is not on consumer computers, unless you actually install it.
“The timing is too coincidental what with the assassination attempt and Biden “catching” Covid.”
The grand masters running the DNC are getting desperate. China is probably threatening to change out their leadership Stalin style.
Interesting - I logged into my router to see if I could block my corporate laptop - it’s turned off and so is not listed as active so I can’t block it right now.
There was a firmware update available - I’ll have to read up on that before I install it. Don’t really want any rogue stuff on my router.
What is CrowdStrike?
Is it something the user installs on purpose, or a nefarious hack?
(Hopefully, it doesn’t care about Windows 7.)
“impacting banks, airlines,”
Maybe focusing on flights out of Milwaukee...? ;)
What is CrowdStrike?
CrowdStrike was originally corporate software security.
If they are now in the consumer business, I am hearing that for the first time.
There is a kernel layer and a user layer, and antivirus runs in the kernel layer.
It’s a system used on large internet servers. It’s not something you would have on your local PC.
Whew. They don’t care about us in our house then.
I think that if I were an IT Administrator I’d be leery of any company with “strike” in its name. Doesn’t give off warm fuzzies.
Yup. Affecting my systems this morning. NO feeds coming in from some vendors to update batch.
Whew! Thanks, FRiend!
There is no CrowdStrike directory in my C:\Windows\System32\drivers\ (W/11, 23h2), while I also usually delay updates for 5 weeks. And prevent some. Thank God, no issues.
Same. Bricked two of my laptops.
Luckily our SAP Production machine is back up, but our Development and Quality Assurance machines are down hard. Not much I can do today (as an SAP software Developer/Analyst). Of course I have a variety of “hair on fire” projects that are “critical” to get done by today.
Yeah, and get rid of that stupid electricity. And auty-mobiles.