Posted on 07/19/2024 5:16:04 AM PDT by tarpit
For the techies…. On Friday 19 July 2024, Microsoft reported that it suffered a major outage for many Azure services. This affected airlines, banks and media:…
CrowdStrike have already published a patch for Falcon Sensor, and which affects all of CrowdStike’s customers:
Restart Windows and boot into Troubleshooting mode 2. Open a command prompt 3. Go to C:\Windows\System32\drivers\CrowdStrike 4. Locate the file matching “C-00000291* sys”, and delete it. 5. Continue normal startup Overall, it looks like the Falcon Sensor bug caused Azure services to glitch, and which caused many systems around the world to fall-over.
(Excerpt) Read more at medium.com ...
Likewise, but my company is going to it, quickly.
The college I work at was affected. Servers and all windows machines on campus went down. Fortunately, I took my computer home yesterday and don’t have to go it today.
Probably a test run by the code inserter.
Well said.
I have a jail broken Windows 11 install, but that can break with any update that Microsoft makes.
Not personally, but I heard on the way to work that MA General Hospital cancelled all surgeries that were not an emergency.
Everyone should guard their phone number as one should guard their social security number.
CROWDSTRIKE???? A DEMOCRAT ALLIED COMPANY.....hmmmmmmm.
Yeah. Me.
IT guy just told us to head home for the day. He’s in the other room trying to hammer out a fix.
Daughter forwarded me a workaround that her IT guys at her job sent her.
But not to worry anyone but crowdstrike says this is definitely not a Cyber attack.
Definitely not a Cyber attack.
Definitely not a Cyber attack.
Flights are grounded. From my workplace, many sporting events may not go on the air tonight...
... But I’m fine.
It’s fine.
Everything is fine.
Fox reporting Delta is back up in Atlanta
where?
testing testing resting
I’m guessing this is why I cannot log into my online banking and their help desk link is 404....?
Like most bad ideas, the FedGov really likes it.
Similar, but there are instructions on how to fail the Microsoft account requirement during Windows 11 setup, getting you the fallback local account, like you could still have with Windows 10.
I don’t get that OneDrive coming back. It can’t log into it, anyway, with only local account privileges.
Just checked my machines on Azure. They’re all okay—because I stopped and deallocated them to turn off billing, LOL! I still use them to teach classes, but I’m not teaching this month. Also, I don’t use Hillary’s Crowdstrike crap.
Meanwhile, on Service Health Emerging Issues page is the following (with a fix proposed):
Emerging issues
1 issue
Awareness - Virtual Machines
We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD) and get stuck in a restarting state. We approximate impact started around 19:00 UTC on the 18th of July. Additional details from CrowdStrike are available here: Statement on Windows Sensor Update - crowdstrike.com Update as of 10:30 UTC on 19 July 2024: We have received reports of successful recovery from some customers attempting multiple Virtual Machine restart operations on affected Virtual Machines. Customers can attempt to do so as follows: Using the Azure Portal - attempting ‘Restart’ on affected VMs Using the Azure CLI or Azure Shell (https://shell.azure.com) https://learn.microsoft.com/en-us/cli/azure/vm?view=azure-cli-latest#az-vm-restart We’ve received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage. Additional options for recovery: We recommend customers that are able to, to restore from a backup from before 19:00 UTC on the 18th of July. Customers leveraging Azure Backup can follow the following instructions: How to restore Azure VM data in Azure portal Alternatively, customers can attempt repairs on the OS disk by following these instructions: Troubleshoot a Windows VM by attaching the OS disk to a repair VM through the Azure portal Once the disk is attached, customers can attempt to delete the following file: Windows/System32/Drivers/CrowdStrike/C00000291*.sys The disk can then be attached and re-attached to the original VM. We can confirm the affected update has been pulled by CrowdStrike. Customers that are continuing to experience issues should reach out to CrowdStrike for additional assistance. Additionally, we’re continuing to investigate additional mitigation options for customers and will share more information as it becomes known.
I just finally got a generic text from my employer, who uses crowdstrike for security. Basically telling us that our computer may be a brick temporarily, but IT is working on it. They have these computers locked down tighter than a bank vault, so there it is unlikely that we would even be allowed to start them in “safe” mode, let alone delete a file.
Frankly, I’m surprised that our people didn’t vet this update before it made its way to the corporate network. Thankfully, the more critical functions are on a completely separated network where they DO vet every update.
Perhaps the people at Crowdstrike need to learn to code.
You should go to the Microsoft Community Hub and ask the experts there. There’s a ton of expert MVPs who answer and help. They’re not paid by Microsoft—in fact, helping there gets them creds for their status.
https://techcommunity.microsoft.com/
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.