• Millions of Windows servers down after CrowdStrike update - How i

    From TechnologyDaily@1337:1/100 to All on Fri Jul 19 12:00:06 2024
    Millions of Windows servers down after CrowdStrike update - How it happened and how to fix

    Date:
    Fri, 19 Jul 2024 11:52:35 +0000

    Description:
    An update to CrowdStrike's Falcon sensor has caused millions of servers to BSOD

    FULL STORY ======================================================================

    If you're managing Windows servers you may need to cancel your weekend plans as a CrowdStrike update has caused millions of Windows servers to BSOD / boot loop. It appears that this is not a security incident or attack and only affects Windows hosts. Linux and Mac are not affected.

    The issue was first reported at 19:00 UTC on the 18th of July and was acknowledged by CrowdStrike in the early hours of the 19th of July.

    CrowdStrike says, "CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack." And added, "the issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website."

    The good news is that a fix has already been found. The bad news is that, as servers are not booting, it is likely that a large number of servers around the globe will require manual intervention. CrowdStrike gave the following instructions on how to fix the issue:

    1. Boot Windows into Safe Mode or the Windows Recovery Environment

    2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory

    3. Locate the file matching C-00000291*.sys* and delete it

    4. Boot the host normally

    Microsoft then issued further advice:

    We recommend customers that are able to, to restore from a backup from before 19:00 UTC on the 18th of July. Alternatively, attempt to repair the OS disk offline:

    1. Attach a disk to VM for offline repair (Encrypted disks may need further instructions)

    2. Once the disk is attached delete the Windows/System/System32/Drivers/CrowdStrike/C00000291*.sys file

    We can confirm the affected update has been pulled by CrowdStrike. Customers that are continuing to experience issues should reach out to CrowdStrike for additional assistance.

    Who is affected by the CrowdStrike update?

    The CrowdStrike update has affected Virtual Machines running Windows Client and Windows Servers running the CrowdStrike Falcon agent. Personal PCs
    running Windows are not affected.




    It's not yet known exactly how many machines have been affected, but it has already had a large impact around the globe, especially in Europe, with Visa, Amazon, and Microsoft all reporting issues. There have also been reports of airlines and hospitals having issues. Many in the western hemisphere are yet to wake up to discover what impact the issue has had on their business.

    How to fix the CrowdStrike issue?




    Essentially, you need to delete the file matching C-00000291*.sys

    You can do that by

    1. Boot Windows into Safe Mode or the Windows Recovery Environment

    2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory

    3. Locate the file matching C-00000291*.sys and delete it

    or

    You may need to manually remove/update the OS disk
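
    The delete step above, as an added PowerShell example (not CrowdStrike's or Microsoft's code) for a host booted into Safe Mode or a repair VM with the affected OS disk attached under another drive letter. The function name Find-MatchingFile, the parameter names and the -Delete switch are assumptions of this example; the directory and file pattern are the ones quoted in the article.

```powershell
# Added example, not vendor code. Save as a .ps1 file and run from an elevated
# PowerShell prompt. Dry run by default: nothing is deleted without -Delete.
[CmdletBinding()]
param(
    # File pattern as quoted in the article's fix steps.
    [string]$Pattern = 'C-00000291*.sys',
    # Falcon driver directory relative to a volume root (from the article).
    [string]$RelativeDir = 'Windows\System32\drivers\CrowdStrike',
    # Hypothetical switch for this example: actually remove the matches.
    [switch]$Delete
)

function Find-MatchingFile {
    param([string]$Pattern, [string]$RelativeDir)
    # Search every mounted filesystem volume, so an OS disk attached to a
    # repair VM as D:, E:, ... is covered as well as the local C: drive.
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $dir = Join-Path $drive.Root $RelativeDir
        if (Test-Path -LiteralPath $dir -PathType Container) {
            Get-ChildItem -LiteralPath $dir -Filter $Pattern -File -Force -ErrorAction SilentlyContinue
        }
    }
}

$found = @(Find-MatchingFile -Pattern $Pattern -RelativeDir $RelativeDir)
if ($found.Count -eq 0) {
    Write-Output "No file matching $Pattern found on any mounted volume."
    return
}

foreach ($file in $found) {
    # Print path, size and timestamp first so there is a record of what was removed.
    Write-Output ("{0}  {1} bytes  modified {2:u}" -f $file.FullName, $file.Length, $file.LastWriteTimeUtc)
    if ($Delete) {
        Remove-Item -LiteralPath $file.FullName -Force
        Write-Output "  deleted"
    } else {
        Write-Output "  dry run: re-run with -Delete to remove"
    }
}
```

    An encrypted volume that is still locked is not searched; unlock it first, then re-run the script.
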

    What is CrowdStrike?

    CrowdStrike is a cyber security company that makes software used by some of
    the largest companies and institutions around the world including hospitals, airports, banks, and many businesses listed in the Fortune 500.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/website-hosting/millions-of-windows-servers-down-after-crowdstrike-update-how-it-happened-and-how-to-fix


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)