
Big Breaking! CrowdStrike Update Triggers Endless BSOD Loop on Windows


A significant incident occurred when a recent update to CrowdStrike’s Falcon sensor caused widespread disruptions for Windows users worldwide.

The update has resulted in numerous Windows machines experiencing Blue Screen of Death (BSOD) loops, effectively rendering affected systems inoperable.

A global outage has wreaked havoc across various sectors, including banking, airlines, broadcasting, and IT services, following a problematic update from cybersecurity provider CrowdStrike.

The update, intended to enhance security measures, led to a destructive failure, causing Windows systems to enter an endless Blue Screen of Death (BSOD) loop.

The BSOD error, triggered by an internal stack overflow, has affected machines worldwide and caused significant disruptions.

This incident underscores the far-reaching impact that a single software update can have on global infrastructure. It also highlights the crucial importance of rigorous testing and verification processes in deploying software updates to prevent such widespread issues.

Organizations are scrambling to mitigate the damage and restore normal operations, while CrowdStrike is urgently working on a fix to resolve the problem.

What happened

According to a Cyber Security News report, the problem affects Windows 10 and 11 systems running CrowdStrike’s endpoint security software. Users have reported repeated BSODs with the error message “DRIVER_OVERRAN_STACK_BUFFER,” which prevents normal system boot and operation.

This issue has severely impacted enterprise customers, with some organizations reporting thousands of affected devices, including critical production servers and SQL nodes.

CrowdStrike has officially acknowledged the problem, stating they are “aware of reports of crashes on Windows hosts related to the Falcon Sensor” and that their engineering teams are actively working to resolve the issue.

The scale of this incident has sent IT departments scrambling to mitigate the damage. Some have resorted to removing CrowdStrike-related files from affected systems in an attempt to restore functionality.

The company has advised affected users not to open individual support tickets at this time, likely due to the volume of affected systems and to streamline their response efforts.

This event has highlighted the potential risks associated with automatic updates for security software, especially in enterprise environments.

Many affected users are now calling for more rigorous testing procedures and the implementation of staged rollout policies to prevent similar incidents in the future.

The update issue at CrowdStrike appears to have directly affected Windows systems worldwide, with laptops showing an error screen known as the “blue screen of death”.

“CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor,” CrowdStrike said in a recorded phone message.

CrowdStrike’s chief threat hunter posted on X: “There is a faulty channel file, so not quite an update.”

Airlines, broadcasters, telecom firms and banks were among the many businesses that reported issues Friday, although it was not immediately clear what was causing each issue.

“The US Aviation Authority has required all flights to land due to a technical computer glitch.”

Microsoft has confirmed that it is investigating an “issue” affecting its 365 apps and operating systems, warning users to expect “service degradation.”

“CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts,” says CrowdStrike CEO George Kurtz in a post on X. “Mac and Linux hosts are not impacted. This is not a security incident or cyberattack.”

U.S. cybersecurity company CrowdStrike has acknowledged responsibility for the error, stating that they are “working on it.” Experts suggest that a “buggy” security update may have triggered the problem but caution that it is too early to “rule out” a cyberattack.

Affected Countries by the July 2024 Global Cyber Outages

Outages have been reported globally. With many IT systems around the world depending on Windows and CrowdStrike software, numerous business sectors have experienced disruptions. Additionally, over 1,000 flights worldwide have been canceled.

Here is the table detailing the impact of IT disruptions in various countries:

Country: Impact
Australia: Media, airlines, supermarkets, banks, and hospitals impacted
Belgium: Train ticket sales, digital announcements, media, banks, airports, and government services disrupted
Canada: TD Canada Trust app and Vancouver International Airport affected
China: Widespread blue screens, some businesses allowed early dismissal
Croatia: Health information system and air traffic control issues
Czech Republic: Prague Airport affected
France: TV channels and Paris Olympics systems disrupted
Germany: Berlin Airport halted flights, Lufthansa affected, hospital operations canceled
Hungary: Budapest Airport issues
Hong Kong: Airport check-in delays, airline booking systems down
India: Major airlines and IT firms impacted
Israel: Emergency services, hospitals, and banks affected
Japan: Spring Japan airline experiencing issues
Malaysia: KTMB railway ticketing system issues
Netherlands: Schiphol airport, banks, and medical services disrupted
New Zealand: Banks, supermarkets, Auckland Transport, and Christchurch Airport affected
Philippines: Major banks, telecommunications, airlines, and government website down
South Africa: Banking issues
South Korea: Jeju Air experiencing issues
Singapore: Changi Airport delays, various service disruptions
Spain: National airport traffic control IT outage
Switzerland: Zurich Airport halted landings
United Kingdom: News channels, airports, rail companies, NHS, and various services disrupted
United States: Airline ground stops, 911 service disruptions, Microsoft and CrowdStrike shares dropped

Identifying Affected Systems

For those concerned about whether their systems are affected, there are several ways to check:

  1. Boot into Safe Mode and check the CrowdStrike Falcon sensor version. The problematic update seems to be affecting various sensor versions, including version 6.58.
  2. Check the installation date of the CrowdStrike Falcon sensor. If it coincides with the onset of BSOD issues (around July 19, 2024), it’s likely to be the cause.
  3. Look for the specific BSOD error message “DRIVER_OVERRAN_STACK_BUFFER,” which is associated with this issue.

While CrowdStrike works on a permanent fix, some users have reported success with the following workaround:

  1. Boot Windows into Safe Mode or the Windows Recovery Environment
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  3. Locate the file matching “C-00000291*.sys” and delete it
  4. Boot the host normally

It’s important to note that this workaround is not officially verified, and users should proceed with caution and await official guidance from CrowdStrike.
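As an added example that is not part of the article or any CrowdStrike tooling, the PowerShell below automates the identification steps and the workaround above from Safe Mode or the Windows Recovery Environment: it looks for a C-00000291*.sys channel file in the directory named, reports whether its timestamp falls on or after the July 19, 2024 onset, and only when -Quarantine is passed moves the file to a holding folder so it can be restored, rather than deleting it outright. The $OsDrive parameter is an assumption: under WinRE the offline system volume may carry a different drive letter.

```powershell
# Added example, not CrowdStrike's code. Run from Safe Mode or WinRE.
# Report-only by default; -Quarantine moves matching files instead of deleting them.
param(
    [string]$OsDrive = 'C:',   # assumption: letter of the offline Windows volume
    [switch]$Quarantine        # stage matching files in a holding folder
)

# Directory and file pattern as given in the article's workaround steps
$dir = Join-Path $OsDrive 'Windows\System32\drivers\CrowdStrike'
if (-not (Test-Path $dir)) {
    Write-Host "No CrowdStrike driver directory at $dir; sensor not installed on this volume."
    exit 0
}

# Onset date named in the article's identification steps
$onset = Get-Date '2024-07-19'
$files = Get-ChildItem -Path $dir -Filter 'C-00000291*.sys' -File -ErrorAction SilentlyContinue

if (-not $files) {
    Write-Host "No C-00000291*.sys channel file found in $dir."
    exit 0
}

# Report each candidate with its write time relative to the onset window
foreach ($f in $files) {
    $flag = if ($f.LastWriteTime -ge $onset) { 'written on/after onset' } else { 'predates onset' }
    Write-Host ("{0}  {1:u}  {2} bytes  [{3}]" -f $f.Name, $f.LastWriteTime, $f.Length, $flag)
}

if ($Quarantine) {
    # Move rather than delete so the file can be put back if guidance changes
    $q = Join-Path $OsDrive 'CrowdStrike-quarantine'
    New-Item -ItemType Directory -Path $q -Force | Out-Null
    foreach ($f in $files) {
        Move-Item -Path $f.FullName -Destination $q
        Write-Host "Moved $($f.Name) to $q"
    }
    Write-Host "Reboot normally; restore from $q if instructed by CrowdStrike."
}
```

Run it first without -Quarantine to confirm the match before touching anything, and keep the quarantine folder until official guidance confirms the file is safe to discard.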

As the situation develops, CrowdStrike is expected to provide further updates and a permanent fix for the issue. In the meantime, affected users are advised to monitor official CrowdStrike communication channels for guidance on recovery procedures and temporary workarounds.

This incident serves as a stark reminder of the delicate balance between security and system stability, especially in the context of widely deployed enterprise software. It underscores the need for robust testing procedures and carefully managed update processes in the cybersecurity industry.

As organizations worldwide grapple with the fallout from this update, the incident is likely to spark discussions about best practices for software updates in critical systems and the need for failsafe mechanisms to prevent such widespread disruptions in the future.
