On July 19, 2024, CrowdStrike encountered a significant issue affecting Windows hosts due to a defect in a content update.
While this problem has caused inconvenience for many users, CrowdStrike is working diligently to resolve the matter. It is trying to ensure the security and stability of its customers’ systems.
This post will explain the situation, what CrowdStrike is doing, and offer guidance for affected users.
Understanding the Issue
CrowdStrike identified a defect in a content update that specifically impacted Windows hosts. Importantly, this issue did not affect Mac or Linux hosts, and it was not a result of a cyberattack.
The problem manifested as bugcheck/blue screen errors related to the Falcon Sensor on Windows systems.
CrowdStrike’s Response
CrowdStrike quickly moved to isolate the issue and deploy a fix. The company is actively collaborating with affected customers to restore normal operations.
The company advised customers to stay updated via the CrowdStrike support portal. They should also communicate with CrowdStrike representatives through official channels.
Current Status and Actions Taken
As of 9:22 am ET on July 19, 2024, CrowdStrike has successfully identified and isolated the defective content update. The problematic channel file has been reverted, and a fix is now in place.
For customers whose systems are operating normally, there is no impact on the protection provided by the Falcon Sensor.
Technical Details and Workarounds
For those experiencing issues, CrowdStrike has provided specific guidance to resolve the problem:
Symptoms:
- Bugcheck/blue screen errors on Windows hosts due to the Falcon Sensor.
- Only Windows hosts are affected; Mac and Linux hosts remain unaffected.
- Windows 7/2008 R2 hosts are not impacted.
Immediate Actions:
- The problematic channel file has been reverted to a stable version.
Workaround Steps for Individual Hosts:
- Reboot the host to allow it to download the reverted channel file.
- If the host continues to crash, boot Windows into Safe Mode or the Windows Recovery Environment.
- Connect to a wired network and use Safe Mode with Networking for easier remediation.
- Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.
- Locate and delete the file matching C-00000291*.sys.
- Boot the host normally.
Workaround Steps for Virtual/Public Cloud Environments:
- Detach the operating system disk volume from the impacted virtual server.
- Create a snapshot or backup of the disk volume as a precaution.
- Attach/mount the volume to a new virtual server.
- Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.
- Locate and delete the file matching C-00000291*.sys.
- Detach the volume from the new virtual server and reattach it to the impacted virtual server.
Ongoing Support and Communication
CrowdStrike is fully mobilized to ensure the security and stability of its customers. The company emphasizes the importance of staying informed through the support portal.
They also stress using official communication channels. Continuous updates will be provided on their website as new information becomes available.
FAQ: CrowdStrike Update Issue
1. What caused the recent issues with CrowdStrike on Windows hosts?
A defect in a single content update for Windows hosts caused the recent disruptions. This defect led to crashes and error screens, commonly known as the “blue screen of death.”
2. Are Mac and Linux hosts affected by this issue?
No, the defect only impacted Windows hosts. Mac and Linux systems remain unaffected.
3. Was this a cyberattack?
No, this was not a cyberattack. The issue was caused by a defect in a content update.
4. What steps has CrowdStrike taken to resolve the issue?
CrowdStrike has identified the problem, isolated the defect, and deployed a fix. They have reverted the problematic update and are actively working with affected customers to resolve any remaining issues.
5. How can I stay updated on the situation?
Customers should stay updated via the CrowdStrike support portal. It is also recommended to communicate with CrowdStrike representatives through official channels.
6. What should I do if my Windows host is experiencing issues?
If your Windows host is experiencing issues, follow these steps:
- Reboot the host to allow it to download the reverted channel file.
- If the host crashes again, boot into Safe Mode or the Windows Recovery Environment.
- Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory and delete the file matching “C-00000291*.sys”.
- Boot the host normally.
7. Are there specific instructions for virtual or public cloud environments?
Yes, for virtual or public cloud environments, follow these steps:
- Detach the operating system disk volume from the impacted virtual server.
- Create a snapshot or backup of the disk volume.
- Attach/mount the volume to a new virtual server.
- Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory and delete the file matching “C-00000291*.sys”.
- Detach the volume from the new virtual server and reattach it to the impacted virtual server.
8. What if my host is running Windows 7/2008 R2?
Hosts running Windows 7/2008 R2 are not impacted by this issue and require no action.
9. How can I ensure my systems remain protected during this time?
If your systems are operating normally, there is no impact on their protection if the Falcon Sensor is installed. Ensure you follow CrowdStrike’s guidance and stay connected through official channels for the latest updates.
10. Where can I find more information and updates?
Visit the CrowdStrike support portal for the latest information and updates. CrowdStrike will continuously provide complete updates on their website.
Conclusion
The recent defect in the content update has caused disruptions. However, CrowdStrike’s swift response and proactive measures demonstrate their commitment to customer security and satisfaction.
Affected customers can navigate this issue effectively and restore normal operations by following the provided guidance. Staying connected through official channels is also crucial.
CrowdStrike remains dedicated to maintaining the highest standards of protection. They also provide excellent support for all their users.
You may also like to read:
CrowdStrike Update Grounds Airlines Worldwide: How Safe Is Your Data Now?