A software issue with cybersecurity provider CrowdStrike is believed to be behind a global IT disruption that paralyzed thousands of Microsoft windows computer systems.
The failure caused widespread disruption across the world, landing flightsshutting down financial services and forcing broadcaster Sky News to pause its live programming.
What happened?
In the early morning hours of Friday (July 19), several Windows devices began to freeze and show users a blue screen of death (BSOD) error.
CrowdStrike has been linked to interruptionwith the company recognizing a problem with its flagship Falcon product shortly after the system flaw was revealed. Here’s what you need to know about the company blamed for global technological disruption.
What is CrowdStrike?
US-based CrowdStrike is one of the most popular cybersecurity providers in the world, with a market capitalization of $83.48 billion (£64.62 billion).
To give you an idea of the size of the company, CrowdStrike said it had 29,000 subscribers worldwide at the end of 2023, including more than 580 customers with businesses worth $1 million (£774,000).
CrowdStrike’s flagship product is Falcon, a cloud-based software designed to keep hackers off your work computer. Think of it as a little guard installed inside your computer that constantly monitors suspicious activity and sends that information back to the CrowdStrike command center in the cloud for analysis using AI.
If a threat is detected, Falcon can take immediate action by quarantining infected files or devices, blocking access to questionable websites or networks, or terminating any malicious processes.
What did CrowdStrike say about the outage?
On Friday, CrowdStrike said a “faulty channel file” was to blame for problems with its service after initially confirming the errors on Windows devices.
The announcement followed multiple reports that a failed update released by the company had crippled Windows PCs around the world, destroying airports, banks and supermarkets.
Computers Those affected by the change are getting a blue screen error, which means they are trying to reboot but are unable to do so and are therefore rendered useless.
CrowdStrike threat hunting director Brody Nisbet said on X (formerly Twitter): “There is a faulty channel file, so it’s not exactly an update.”
The clarification suggests that a specific file responsible for how the software communicates and obtains updates was broken or misconfigured, rather than a faulty update, which occurs when a new version of software has bugs or issues.
Although the error has apparently now been fixed by the company, “it is still in the system and will take some time to eliminate,” according to James Davenport, professor of information technology at Hebron and Medlock, University of Bath.
What did the authorities say?
The outage was first reported in Australia, and the country’s national body cyber security The coordinator released a statement on X, saying he was aware of a large-scale technical outage that affected multiple companies and services.
I am aware of a large-scale technical outage affecting multiple businesses and services across Australia this afternoon.
Our current information is that this outage is related to a technical issue with a third-party software platform employed by the affected companies.
— National Cyber Security Coordinator (@AUCyberSecCoord) July 19, 2024
“Our current information is that this outage is related to a technical issue with a third-party software platform employed by the affected companies,” the statement reads.
What do experts say about the interruption?
More broadly, experts are largely convinced that the global disruption is not due to a cyberattack. Still, they say the scale of the problem is unprecedented, largely due to the ubiquity of CrowdStrike Falcon and its high-level control over Windows PCs.
“This software is pervasive – on many if not all machines of a given type – so a flaw in the security software could bring down many computers at the same time,” said Professor McDermid, from the Institute for Safe Autonomy at the University from York.
“Falcon is a very privileged piece of software, as it is capable of influencing the behavior of the computers on which it is installed,” said Toby Murray, associate professor at the School of Computing and Information Systems at the University of Melbourne.
“This has become a global phenomenon because CrowdStrike is a very large company and many companies and organizations use it to detect and protect against threats,” said Dave Parry, dean and professor at the School of IT at Murdoch University in Perth. , Australia.
Prof Parry continued: “The issue will affect a very large number of machines across the world. It is not a cyber attack, but it is just an interaction between two pieces of software.”
What to do if your Windows PC is down?
Want to know how to fix your malfunction PRAÇA? Nisbet from CrowdStrike posted a partial solution that may solve the problem, provided you have the IT skills to implement it.
There is a faulty channel file, so it’s not exactly an update.
There is a workaround…
1. Boot Windows into Safe Mode or WRE.
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Locate and delete the file corresponding to “C-00000291*.sys”
4. Boot normally.1/2
-Brody (@brody_n77) July 19, 2024
The solution, which involves deleting a specific file on affected computers, is as follows:
1. Boot Windows into Safe Mode or Windows Recovery Environment
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
3. Locate the file corresponding to “C-00000291*.sys” and delete it.
4. Boot the host normally.
However, Professor Davenport warns that affected users should not reboot or reboot their machines until they get approval from CrowdStrike and CrowdStrike. Microsoftadding: “Do not accept statements like ‘disappeared’.”
/cdn.vox-cdn.com/uploads/chorus_asset/file/25537887/STK275_CROWDSTRIKE_CVIRGINIA_D.jpg?w=300&resize=300,300&ssl=1 "CrowdStrike Received ‘Most Epic Fail’ Award at Hacker Conference Def Con")
