Crowdstrike's disasterpiece!

By Luca Arena

As you should may know, last Friday, CrowdStrike faced a significant incident when a faulty update to its Falcon sensor configuration caused widespread IT outages globally. 

The update, which was deployed on July 19, 2024, between 04:09 and 05:27 UTC, included a configuration error in Channel File 291 that led to system crashes on Windows machines running the affected version of the Falcon sensor. This error caused the infamous "blue screen of death" (BSOD), resulting in severe disruptions for businesses worldwide, including banks, airlines, and other critical sectors​.

The faulty update specifically targeted named pipes used by common command and control (C2) frameworks in cyberattacks. However, a logic error in the update's configuration triggered system crashes, rendering affected systems inoperable. Devices with Windows' BitLocker encryption enabled faced additional challenges, as recovering from the crash required access to recovery keys often stored on servers that had also crashed​.

Microsoft estimated that approximately 8.5 million devices were impacted, making this one of the largest IT outages in history. Remediation efforts involved booting affected machines into safe mode or using the Windows Recovery Environment to delete the problematic configuration file. CrowdStrike and Microsoft worked together to provide recovery tools and guidance to affected users​ (Wikipedia)​.

The outage also opened opportunities for cybercriminals to exploit the situation. Reports indicated that threat actors were distributing malicious files disguised as fixes for the issue, particularly targeting CrowdStrike customers in Latin America​.

CrowdStrike has since resolved the logic error and released updated guidance to prevent future occurrences. The company is also conducting a thorough root cause analysis to strengthen its processes and prevent similar incidents​.

Comments

Post a Comment

Popular posts from this blog

How to delete multiple devices at once on Intune

By Luca Arena
In Microsoft Intune, you can delete multiple devices by creating and applying a device cleanup policy or by removing devices manually using the Intune admin console. Here are two methods to delete multiple devices in Intune: Method 1: Using Device Cleanup Policy (Recommended) Create a Device Cleanup Policy : Sign in to the Microsoft 365 Device Management portal ( https://devicemanagement.microsoft.com/ ). Go to "Devices" > "Device cleanup policies." Click on "Create policy." Configure the policy settings, such as the number of days a device should be inactive before deletion and whether to notify users before deletion. You can also choose to exclude specific device groups. Save the policy. Assign the Policy : After creating the policy, assign it to the desired group of devices or users. This will determine which devices will be subject to the cleanup policy. Monitor and Verify : Over time, Intune will automatically evaluate the devices based on the poli...
Read more

Troubleshooting CrowdStrike Falcon Issues on macOS 15: What’s Going On?

By Luca Arena
# Troubleshooting CrowdStrike Falcon Issues on macOS 15: What’s Going On? Hey there, fellow Mac users! If you’ve recently upgraded to macOS 15 and are using CrowdStrike Falcon, you might have noticed some hiccups. You’re definitely not alone. Let’s dive into some of the issues folks are facing and what you can do to keep your Mac running smoothly. ## 1. Performance Slowdowns One of the biggest complaints is the dreaded slowdown. Many users have noticed that their Macs feel sluggish after installing CrowdStrike Falcon on macOS 15. Apps may take longer to launch, and system responsiveness can be hit or miss. **What to Do:**   First things first—check your Activity Monitor to see if Falcon is hogging resources. If it is, try restarting your Mac to clear things up. If the problem persists, consider reaching out to CrowdStrike support for potential configuration tweaks. ## 2. Compatibility Quirks CrowdStrike Falcon is usually pretty reliable, but with a new OS, compatibility can ge...
Read more

Sequoia new features for dummies

By Luca Arena
As is well known, everywhere you can find articles raving about fantastic reviews of the new features that will be present in Macos 15. For those in a hurry, I will try to throw out a very quick list of incoming features: Apple has recently unveiled macOS 15, named Sequoia, after the iconic Californian National Park. This update brings a host of new features and improvements designed to enhance the Mac experience. Here are some of the highlights: **1. iPhone Mirroring**: One of the standout features is iPhone Mirroring, which allows users to display and interact with their iPhone screen directly on their Mac. This feature supports full control of the iPhone, including app usage and audio routing, making it a seamless integration between devices4. **2. Enhanced FaceTime Backgrounds**: The latest update, macOS 15.1, introduces new FaceTime backgrounds inspired by the scenic views of Apple Park. These backgrounds aim to make video calls more engaging and visually appealing12. **3. Improve...
Read more