CrowdStrike Provides Remediation Guidance After Software Update Causes Worldwide IT Chaos

Share This Post

CrowdStrike early Saturday provided additional technical information and remediation guidance to help organizations impacted by the faulty software update that trigged massive IT outages across the global economy on Friday.  

The cybersecurity firm said late Friday that ​a routine sensor configuration update pushed to Windows systems on July 19, 2024 at 04:09 UTC triggered a logic error that blue-screened critical computer systems around the world.

In an update Saturday morning, the cybersecurity firm provided a tech alert with more information about the issue and workaround steps organizations can take.

  • Channel file “C-00000291*.sys” with timestamp of 0527 UTC or later is the reverted (good) version.
  • Channel file “C-00000291*.sys” with timestamp of 0409 UTC is the problematic version.
  • Note: It is normal for multiple “C-00000291*.sys files to be present in the CrowdStrike directory – as long as one of the files in the folder has a timestamp of 0527 UTC or later, that will be the active content.

The company reiterated that Mac and Linux systems were not impacted by the glitch.

Remediation Information

For companies still experiencing Windows hosts that are still crashing and unable to get online to receive the required update, CrowdStike provided workaround steps.

The company also said a Dashboard is now available that displays Impacted channels and CIDs and Impacted Sensors, which is available in the Console menu at depending on your subscriptions.

Additional remediation resources and quick links from CrowdStrike and other technology vendors:

CrowdStrike Founder and CEO George Kurtz warned that adversaries and bad actors will try to exploit events like this. “I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives,” Kurtz wrote in a blog post. “Our blog and technical support will continue to be the official channels for the latest updates.”

The company says the issue does not affect its Falcon platform systems, and if customer systems are operating normally, there is no impact to their protection if the Falcon sensor is installed. Falcon Complete and OverWatch services were not disrupted by the faulty update.

Advertisement. Scroll to continue reading.

This incident, described in the mainstream media with words such as “chaos” and “disaster”, could turn out to be one of the worst cyber failures in history.

Additional news coverage from SecurityWeek and around the web:

This post was originally published on this site

More Articles
Article

Navigating SEC Regulations In Cybersecurity And Incident Response

Free video resource for cybersecurity professionals. As 2024 approaches, we all know how vital it is to keep up to date with regulatory changes that affect our work. We get it – it’s a lot to juggle, especially when you’re in the trenches working on an investigation, handling, and responding to incidents.

Report

Harassment or bullying behavior
Contains mature or sensitive content
Contains misleading or false information
Contains abusive or derogatory content
Contains spam, fake content or potential malware

Block Member?

Please confirm you want to block this member.

You will no longer be able to:

  • See blocked member's posts
  • Mention this member in posts
  • Invite this member to groups
  • Message this member
  • Add this member as a connection

Please note: This action will also remove this member from your connections and send a report to the site admin. Please allow a few minutes for this process to complete.

Report

You have already reported this .