Endpoint security company Crowdstrike has released an update that causes widespread "Blue Screens of Death" (BSOD) on Windows systems. Crowdstrike has published an advisory that is only available after logging into the Crowdstrike support platform.
Some reports we have seen suggest that there may be phishing emails circulating claiming to be from "Crowdstrike Support" or "Crowdstrike Security." At this point, I don't have any examples, but the attackers are likely taking advantage of the large amount of media attention. Please be cautious of "patches" that may be delivered this way.
A domain that may be associated with these phishing attacks is: crowdfalcon-immed-update [ .] com
Linux and MacOS systems are not affected by this issue.
The quickest solution seems to be to boot the system into "Windows Safe Mode with Networking". This way, Crowdstrike will not start, but the current version can be downloaded and applied, which will resolve the issue. This "quick version" of the fix is not part of Crowdstrike's recommendations, but may be worth a try if you have many systems to apply the fix to, or if you need to walk a non-computer savvy person through the procedure. Some users have reported
Casimir Pulaski (@cybermactex) mentioned on X that a simple reboot sometimes works if the last update was downloaded before the system crashed.
The Support Portal Statement provides the following steps to get affected systems back up and running:
CrowdStrike Engineering has identified a content deployment related to this issue and has reverted these changes.
Workaround steps:
1 - Start Windows in Safe Mode or Windows Recovery Environment
2 - Navigate to C:WindowsSystem32driversCrowd
3 - Find the file that matches "C-00000291*.sys" and delete it.
4 - Restart the host normally.
On a Bitlocker-protected system, you must provide the recovery key to delete the file.
Virtual systems are easier to repair because you should be able to simply shut them down, mount the virtual disk on the host or another virtual system (Linux? ;-) and remove the file.
The outages caused by this issue are widespread, with users reporting problems with airports, 911 systems, banks, and media outlets on X. Please be patient with businesses/workers affected by the issue.
This is not the first time security software has caused system crashes. Often these problems are due to false positives that mark system files as malicious.
Comentarios