CrowdStrike Outage

I’m sure you’ve probably heard by now that CrowdStrike recently released an update that is causing Windows servers worldwide to blue screen.

I’m curious what the remediation process looks like. Are admins having to perform a fresh OS install, or what other options are there?

Basically users need to log in via safe mode and delete a registry key.

Miscreants are watching and taking notes.

Yeah, this is a big deal since anyone who needs their system fixed will have local admin rights to their system without supervision most likely.

I can confirm, been up all night getting our 911 center back up. Boot into safe mode and rename the c:\windows\system32\drivers\CrowdStrike folder to prevent it from starting at boot.

I had 1 major hangup with a host running VMware. It doesn't seem to mount the drive to the VM until boot. I ended up spinning up a new VM that would boot and temporarily mounting the other drives to do the workaround. I had no issue with getting the Hyper-V systems back up.

This affects all servers and desktops running Windows/CrowdStrike.


On a positive note, my *nix/BSD based systems are not affected.


From CrowdStrike:

Engineering has identified a content deployment related to this issue and reverted those changes.

Workaround Steps:

Boot Windows into Safe Mode or the Windows Recovery Environment

Navigate to the C:\Windows\System32\drivers\CrowdStrike directory

Locate the file matching “C-00000291*.sys”, and delete it.

Boot the host normally.
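The workaround steps above as a script, added here as an example and not part of the thread or of CrowdStrike's own guidance. It is meant to be run from a Safe Mode PowerShell prompt; the OS volume letter is a parameter because it can differ under the Recovery Environment (default C:, as in the steps), and the matching file is moved to a quarantine folder rather than deleted, which the thread also reports as working.

```powershell
# Added example: automates the CrowdStrike workaround from Safe Mode / WinRE.
# Assumptions: $OsRoot is the Windows volume (may not be C: under WinRE);
# $Quarantine is a constructed folder name, not anything CrowdStrike specifies.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$OsRoot = 'C:',
    [string]$Quarantine
)

if (-not $Quarantine) { $Quarantine = Join-Path $OsRoot 'CS-Quarantine' }

# Directory named in the workaround steps.
$driverDir = Join-Path $OsRoot 'Windows\System32\drivers\CrowdStrike'
if (-not (Test-Path -LiteralPath $driverDir)) {
    throw "Driver directory not found at $driverDir (wrong volume letter, or BitLocker volume still locked?)"
}

# Only the channel file pattern given in the workaround; nothing else is touched.
$channelFiles = @(Get-ChildItem -LiteralPath $driverDir -Filter 'C-00000291*.sys' -File)
if ($channelFiles.Count -eq 0) {
    Write-Host "No C-00000291*.sys file present in $driverDir; nothing to do."
    return
}

if (-not (Test-Path -LiteralPath $Quarantine)) {
    New-Item -ItemType Directory -Path $Quarantine | Out-Null
}

foreach ($file in $channelFiles) {
    # Record name, size and hash before moving so the removed file stays identifiable.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    Write-Host ("{0}  size={1}  SHA256={2}" -f $file.Name, $file.Length, $hash)
    if ($PSCmdlet.ShouldProcess($file.FullName, "Move to $Quarantine")) {
        Move-Item -LiteralPath $file.FullName -Destination $Quarantine
    }
}
Write-Host "Done. Reboot normally; keep $Quarantine until the host is confirmed healthy."
```

Run it once with `-WhatIf` to see which file would be moved before committing, and pass `-OsRoot D:` (or whatever letter WinRE assigned) if the directory check fails.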

:rofl:

Yeah, and don’t forget the drive's BitLocker key (you do know where it is, don’t you?). Windows 11 also hides safe mode and may require 3 failed boots to access. Chase Bank branches around here will be down at least until this coming Thursday. Other than transactions by ATM, all teller transactions or other services requiring computers are being recorded and done by hand.

I can’t believe CrowdStrike was stupid enough to hire the CTO of McAfee as their CEO, who was responsible for their global meltdown in 2010. Must have gotten him at a bargain barrel price. Just goes to show, you rise to the level of your incompetence.

George Kurtz is the founder of CrowdStrike, so I guess you could say he hired himself.

August 27 will be an interesting day to see if they take a financial hit or not.

Shares already took a hit, but have since calmed down and are currently even trending upwards. When it comes to revenue, there won’t be a hit yet, if anything, they may report slightly worse numbers after Q3 because a) customers don’t switch endpoint protection vendors that quickly, b) many probably paid upfront, and c) there probably won’t be as many customers jumping ship as you might think.

I bought a chunk of stock Monday when I saw it was down 25%, expecting it to go back up. It’ll likely take months, but could be a nice return.

Just checked my returns and I am up about 20%.


Now I’m up 44%. I’ll probably hold this position for a while.