Cyber security news July 2024

This posting is here to collect cyber security news in July 2024.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

322 Comments

  1. Tomi Engdahl says:

    Maailmanlaajuinen IT-kaaos – Lentokoneet pysyvät maassa, vaikutusta myös pankkeihin
    Laajat tietotekniikkaongelmat aiheuttavat parhaillaan ongelmia ympäri maailman.
    https://www.iltalehti.fi/digiuutiset/a/bc5f77a6-5317-48ff-86ad-adf3faba35c2

    Muun muassa Ison-Britannian yleisradioyhtiö BBC uutisoi laajojen IT-ongelmien häiritsevän parhaillaan muun muassa lentoyhtiöiden, pankkien ja uutismedioiden toimintaa.

    Berliinin lentokentällä kaikki saapuvat ja lähtevät lennot jouduttiin väliaikaisesti perumaan ennen kello 11 Suomen aikaa, kertovat muun muassa Bild ja Tagesspiegel. Berliinissä on juuri alkanut kesälomakausi.

    Uutistoimisto Reutersin mukaan ongelmia on myös Amsterdamin Schipholin ja Brysselin lentokentillä. Matkustajia on ohjeistettu olemaan yhteydessä omiin lentoyhtiöihinsä.

    Yhdysvalloissa Alaskan osavaltion pelastusviranomaiset ovat varoittaneet ongelmien vaikutuksesta myös pelastustoimeen. Muun muassa hätänumeron toiminnassa on ollut ongelmia.

    Yhdysvalloissa myös Delta Airlinesin, United Airlinesin ja American Airlinesin lentokoneet pysyvät toistaiseksi maassa. Syyksi on uutiskanava CNN:n mukaan kerrottu kommunikaatio-ongelmat.

    Ongelmien kerrotaan vaikuttavan myös Lontoon pörssin toimintaan.

    Ongelmat näyttävät liittyvän yhdysvaltalaisen tietoturvayhtiö Crowdstrikeen.

    Microsoft tiedotti ongelmista aiemmin tänään viestipalvelu X:ssä, mutta kertoi sittemmin BBC:lle, että valtaosa ongelmista on saatu korjattua.

    Mass IT outage affects airlines, media and banks
    https://www.bbc.com/news/articles/cv2g5lvwkl2o

    A raft of global institutions – including major banks, media outlets and airlines – have reported a mass IT outage, affecting their ability to offer services.
    Several airlines have grounded flights around the world and many more are reporting delays.
    The US state of Alaska has warned its emergency services are affected, supermarkets in Australia have been crippled, and media outlets in several countries have been left scrambling as systems failed, with Sky News in the UK temporarily forced off air.

    Reply
  2. Tomi Engdahl says:

    Delta, United and American Airlines flights grounded due to communication issue, FAA says
    https://www.cnn.com/2024/07/19/business/delta-american-airlines-flights-outage-intl-hnk/index.html

    Reply
  3. Tomi Engdahl says:

    Frontier and other airlines were at a standstill for hours after a massive Microsoft outage
    https://www.cnn.com/2024/07/18/business/frontier-airlines-microsoft-outage/index.html

    Reply
  4. Tomi Engdahl says:

    Näin IT-kaaos näkyy Suomessa – OP kertoo ongelmasta palvelussaan
    https://www.iltalehti.fi/digiuutiset/a/08908d8a-16f3-4720-b60e-c017c01d602b

    Reply
  5. Tomi Engdahl says:

    Crowdstrike, blame the Australians

    7/18/24 10:20PM PT – Hello everyone – We have widespread reports of BSODs on windows hosts, occurring on multiple sensor versions. Investigating cause. TA will be published shortly. Pinned thread.

    SCOPE: EU-1, US-1, US-2 and US-GOV-1

    Edit 10:36PM PT – TA posted: https://supportportal.crowdstrike.com/s/article/Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19

    Edit 11:27 PM PT:

    CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.

    Workaround Steps:

    1. ⁠Boot Windows into Safe Mode or the Windows Recovery Environment
    2. ⁠Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
    3. ⁠Locate the file matching “C-00000291*.sys”, and delete it.
    4. ⁠Boot the host normally.

    Reply
  6. Tomi Engdahl says:

    Valtava tietoliikennekaaos: Lennot jäivät maahan, hätäpuheluissa vikaa, kaupoissa ongelmia
    https://www.is.fi/digitoday/art-2000010574834.html

    Reply
  7. Tomi Engdahl says:

    https://www.facebook.com/share/p/xo3UWzsDzZdzbeLs/

    Not a Humour or Meme lol, But in relation to Crowdstrike there is a fix.

    Click See Advanced Repair Options
    Click Troubleshoot
    Click Command prompt and enter the following
    pushd C:\Windows\System32\drivers\Crowdstrike
    del “C-00000291*.sys”
    exit
    Click continue, system should reboot normally

    Reply
  8. Tomi Engdahl says:

    Jay Criste maybe try : boot on safe mode
    Go to command prompt
    Rename CSAGENT.SYS to CSAGENT_OLD.SYS in windows/system32/drivers/Crowdstrike/CSAGENT.SYS

    Reply
  9. Tomi Engdahl says:

    Meneillään olevan Windows-ohjelman päivityksen tuhoja: TV-lähetykset poikki, lentoja peruttu, junat eivät kulje, kaupat kiinni
    https://dawn.fi/uutiset/2024/07/19/crowdstrike-vaikutukset?fbclid=IwZXh0bgNhZW0CMTEAAR177dNNyNw_P3vjPWSTfGlYo9klBQSHGaBLVLemxEof-uzBaYNmo4Kk3wQ_aem_o7VB_LOGkv5IwNxKGxXWDg

    Viime yönä tapahtuneen epäonnisen tietoturvaohjelmiston päivityksen jälkipyykki näyttää kasvavan hurjaksi.

    Päivitys CrowdStrike-yhtiön tietoturvaohjelmistossa, jota käytetään laajalti yrityksissä ja palvelimilla, aiheuttaa Windowsin “kuolemanruudun”. Eli tietokoneet, joihin päivitys on ehtinyt asentua, kaatuvat välittömästi ja niihin tulee näkyviin Windowsin sininen virheilmoitus, joka kertoo tietokoneen kaatuneen.

    Britanniassa päivitys on kerännyt laajaa tuhoa: Yahoo Newsin mukaan Ryanairin lentoja on jouduttu perumaan päivityksen aiheuttamien ongelmien vuoksi, samoin Britannian isoin rautatieyhtiö on perunut useita vuoroja ja kertonut syyksi “laajat IT-ongelmat”.

    Myös brittiläiset pankit ja kauppaketjut ovat joutuneet sulkemaan osia toiminnoistaan.

    Yhdysvalloissa suurimmat lentoyhtiöt ovat nekin peruneet laajasti lentojaan, antaen selitykseksi “tietoliikenneongelmat”, vaikkakaan yhtiöt eivät ole täsmentäneet sitä, onko syynä CrowdStriken Falcon Sensor -ohjelmiston päivityksen aiheuttamat ongelmat.

    Britanniassa myös Sky News -tv-kanavan lähetykset katkesivat samaisen päivityksen vuoksi aiemmin tänä aamuna.

    Ohjelmistolle ei ole vielä saatu julkaistua ongelman korjaavaa päivitystä. Mutta isoin haaste tulee olemaan se, miten yritysten IT-tuki saa asennettua päivityksen tietokoneisiin, jotka kaatuvat välittömästi käynnistymisensä jälkeen. Etänä temppu tuskin tulee onnistumaan, joten tulevista päivistä saattaa tulla hyvinkin kiireinen yritysten IT-tukihenkilöille.

    https://dawn.fi/uutiset/2024/07/19/crowdstrike-falcon-sensor-windows-sininen-ruutu-korjaus

    Reply
  10. Tomi Engdahl says:

    On July 19, 2024, CrowdStrike released a software update to the vulnerability scanner Falcon Sensor. Flaws in the update caused blue screens of death on Microsoft Windows machines, disrupting millions of Windows computers worldwide.[42][43] Affected machines were forced into a bootloop, making them unusable. The downtime caused a widespread global impact, grounding commercial airline flights, temporarily taking Sky News offline, and disrupting 911 emergency call centers.[44][45] By the end of the day, CrowdStrike’s share price had dropped $38.09, or 11.10%, to $304.96.
    https://en.m.wikipedia.org/wiki/CrowdStrike

    Reply
  11. Tomi Engdahl says:

    Microsoft outages caused by CrowdStrike software glitch paralyze airlines, other businesses. Here’s what to know.
    https://www.cbsnews.com/news/microsoft-internet-outages-reported-worldwide/

    Reply
  12. Tomi Engdahl says:

    The “largest IT outage in history,” briefly explained
    Airlines, banks, and hospitals saw computer systems go down because of a CrowdStrike software glitch.
    https://www.vox.com/technology/361740/crowdstrike-outage-windows

    Airlines, banks, and retailers across the globe were among the many businesses that ground to a halt on Friday due to a flawed software update that led to massive delays and service disruptions.

    According to CrowdStrike, the Texas-based cybersecurity firm behind the glitch, the issue was caused by a faulty update in its software for Microsoft Windows users, a problem it’s actively working to address. Mac and Linux users were not affected.

    “This is not a security incident or cyberattack,” CrowdStrike CEO George Kurtz emphasized in a post on X, formerly known as Twitter. Kurtz added that the fix for the problem had already been “deployed,” but noted in a CNBC interview that it could take “some time” before it goes into effect for everyone experiencing the outage.

    While people await a fix, thousands across the world are grappling with long waits at airports and trains, issues logging into their bank accounts, and challenges reaching key services, including first responders.

    The tech error spotlights how central these systems have become to key day-to-day activities, including travel and financial transactions, and how vulnerable they can be to simple human mistakes.

    What happened?

    Early Friday morning, businesses from Europe to Asia to the US began experiencing problems with their Microsoft computer systems, with many suddenly seeing the dreaded “blue screen of death”: an error page that signals that a Windows machine is inoperable.

    Since then, a wide range of services have been affected in what was described by Troy Hunt, a cybersecurity expert, as the “largest IT outage in history.”

    More than 2,000 flights have been canceled in numerous airports. American Airlines, Delta, and United were just a few of the major operators forced to ground their flights globally for part of Friday.

    A staggering graphic from Colin McCarthy, an atmospheric science student at UC Davis, captures how flight traffic slowed considerably in the wake of the tech snafu. Passengers at numerous airports documented the chaos while computers were down, and little information was available about updates or alternatives.

    Beyond the travel hiccups it caused, the software problem has led to hospitals canceling elective surgeries, 911 operators experiencing glitches, and banks unable to provide customer information online.

    How did this happen?
    The problem was caused by “a defect found in a single content update of its software on Microsoft Windows operating systems,” Kurtz wrote on X. As The Verge notes, it appears the company was trying to update a driver in its Falcon offering, which is a cloud-based product that scans for potential hackers.

    What is CrowdStrike?
    CrowdStrike is an Austin, Texas-based cybersecurity firm that produces software to identify and stymie hacking threats. Its products are utilized by roughly 29,000 companies worldwide including hospitals, banks, and numerous Fortune 500 companies.

    It has previously helped look into breaches at Sony as well as the Democratic National Committee.

    How did CrowdStrike become so important?
    Founded in 2011, CrowdStrike quickly became an industry leader in cybersecurity and has only grown in popularity in recent years as demand for such services has increased.

    It has made an aggressive marketing push that included Super Bowl ads and has worked to tailor its products to the needs of large organizations with complex security. At least one 2023 analysis, from Canalys, found the company controls roughly 20 percent of the cybersecurity market.

    When will the outage be fixed?
    Kurtz, CrowdStrike’s CEO, has stressed that the team has identified the issue and is working to solve it, though it could take more time for some systems to recover.

    The company has already worked to pull back the update, he noted, meaning certain organizations might be able to address the problem by simply rebooting their systems. For others that have been unable to fix the issue in this way, “it could be hours, it could be a bit longer,” Kurtz told CNBC. Some cybersecurity experts have said “a bit longer” could mean days.

    Some systems could need a manual update, for instance

    Reply
  13. Tomi Engdahl says:

    Microsoft-CrowdStrike issue causes ‘largest IT outage in history’
    https://www.cnbc.com/2024/07/19/latest-live-updates-on-a-major-it-outage-spreading-worldwide.html

    The outage came as cybersecurity giant CrowdStrike experienced a major disruption early Friday following an issue with a recent tech update.

    CrowdStrike CEO George Kurtz has since said that the company is “actively working with customers impacted by a defect found in a single content update for Windows hosts,” stressing that Mac and Linux hosts are not affected.

    “This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed,” he said on social media.

    https://www.cnbc.com/2024/07/19/crowdstrike-suffers-major-outage-affecting-businesses-around-the-world.html

    An update by cybersecurity firm CrowdStrike led to a major IT outage on Friday, impacting businesses around the world.
    “The issue has been identified, isolated and a fix has been deployed,” CrowdStrike CEO George Kurtz said in a statement on X.

    Reply
  14. Tomi Engdahl says:

    What is Crowdstrike? The $80 billion company linked to largest IT outage in history
    An update to a system to protect computers meant that many of them have simply broken
    https://www.independent.co.uk/tech/crowdstrike-what-is-explained-edr-microsoft-b2582527.html

    Before this week, CrowdStrike was known for finding the cause of problems. The company – headquartered in Texas but with a reach across the world – was most famous for having investigated large scale hacks, such as those on Sony Pictures and a run of breaches at the Democratic National Committee that it blamed on Russian spies.

    It has built a huge business out of that and other work. It was worth $80bn (£62bn) when trading on the Nasdaq closed on Thursday – though its share price has since fallen by 20 per cent. It reported revenues of $3bn in the last year.

    CrowdStrike has now become one of the most highly valued and widely used cybersecurity companies. But as with many of its competitors, it is known primarily to IT professionals and investors – until the chaos of the outage on Friday, perhaps the most prominent place that CrowdStrike appears is its sponsorship of the “halo” that protects Lewis Hamilton in the event of a crash during Formula One races.

    On Friday, as the problems began, it was not initially clear what had caused them. But it was clear that there was a big issue: computers across the world, relied on for some of our most central infrastructure, would not turn on properly and instead showed the “blue screen of death” that indicates something drastic has gone wrong.

    However, as the hours passed it became clear that the problem was linked to CrowdStrike. Specifically, all of the computers suffering issues had been running its “Falcon” software, a product that is intended to keep computers safe.

    Falcon provides “endpoint detection and response” technology that spots attacks on users. It is intended to keep computers safe by running on them so that it can spot threats and block them.

    To do so, however, it requires two very powerful things. Firstly it must be updated regularly, so that it is ready to respond to new threats as they arrive; secondly, it needs wide-ranging and “privileged” access to a device, so that its protection can run even in the most central and sensitive parts of the computer.

    Those two things appear to be behind CrowdStrike and the world’s problems on Friday. A new update brought with it a “defect”, the company has said – and because the software has such wide-ranging access, that single update was enough to disable the computer.

    “CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted,”

    “This is not a security incident or cyberattack.”

    Reply
  15. Tomi Engdahl says:

    It’s the auto-updates of the CrowdStrike antivirus software only on Windows machines that got everyone in trouble

    And yes, it is important to use auto-updates on systems like POS checkins for airlines or sea port traffic, but the specific and already-noted drawback of having such a large structure that you physically CAN’T service it with humans is specifically this exact failure. This is the specific reason a lot of people choose NOT to auto-update their personal devices.

    Reply
  16. Tomi Engdahl says:

    London’s stock markets closed in the red on Friday, affected by a significant global IT outage and a drop in UK retail sales.

    As suggested by a Facebook discussion: it’s the Fire Sale from Die Hard 4: 911 infrastructure down across the the country for various reasons, ground stop at airports, banks not running deposits, and London Stock Exchange was offline.

    On Friday, a number of technological issues halted services at airlines, banks, and the London Stock Exchange, triggering an unexpected cascade of failures that spread from the United States to Asia following Microsoft Corp.’s announcement of an outage across its online services, as per various media reports.
    https://www.livemint.com/market/stock-market-news/london-stock-exchange-services-impacted-due-microsoft-outage-11721374533490.html

    Reply
  17. Tomi Engdahl says:

    Crowdstriken osake syöksyy – Tällainen on yhtiö, joka sai maailman järjestelmät sekaisin
    Tieto­järjestelmät|Maailmanlaajuisen tietoliikennehäiriön aiheuttanut yhdysvaltalainen Crowdstrike on yksi maailman johtavia tietoturvayrityksiä. Se on tunnettu erityisesti osallistumisestaan korkean profiilin kyberhyökkäysten selvittämiseen.
    https://www.hs.fi/talous/art-2000010575228.html

    Reply
  18. Tomi Engdahl says:

    HYPPÖNEN arvioi HS:lle, että massiivinen ongelma tulee epäilemättä näkymään pörssiyhtiön tulevaisuudessa.

    ”Siellä on varmaan kaikenlaisia sopimuksia asiakkaiden kanssa toimitusvarmuudesta, jotka nyt on rikottu. Taloudellisia seuraamuksia tulee varmasti”, Hyppönen sanoo.

    Häiriö on jo saanut useiden eurooppalaisten lentoyhtiöiden osakkeiden hinnat laskuun.

    https://www.hs.fi/talous/art-2000010575228.html

    Reply
  19. Tomi Engdahl says:

    It-ekspertti arvioi, miten maailmaa lamauttanut Microsoft-kaaos pääsi syntymään – ”Tämä on se iso kysymys”
    Tietoturva-asiantuntija Petteri Järvisen mukaan maailmanlaajuisen kaaoksen aiheuttaneessa ohjelmistoviassa voi olla kyse tahallisesta teosta.
    https://www.kauppalehti.fi/uutiset/kl/892a1768-f435-470e-bd64-44047660d743

    Microsoftin maailmanlaajuinen tietoliikennehäiriö aiheuttaa tällä hetkellä ongelmia niin lentoyhtiöiden, pankkien, pörssien kuin uutismedioidenkin toiminnassa.

    Microsoftin kyberuhkien tunnistamisesta vastaava johtaja Brody Nisbet vahvisti viestipalvelu X:ssä, että laajat tietoliikennehäiriöt liittyvät kyberturvallisuusyhtiö Crowdstriken järjestelmäpäivitykseen.

    ”Pidän todennäköisimpänä vaihtoehtona, että Crowdstrikea tietoturvaohjelmanaan käyttävissä yrityksissä tietoturvaohjelman päivitys on rikkonut päätelaitteet eli pöytäkoneet tai mobiililaitteet”, hän selittää.

    ”Tämä selittäisi sen, minkä takia Suomessa ole ollut kovin paljon ongelmia. Meillä yritykset ovat sen verran pienempiä, ettei laajaa korporaatiotason Crowdstrike-ohjelmaa juurikaan käytetä”, hän jatkaa.

    Hänen mukaansa askarruttavin kysymys tällä hetkellä on se, onko viallisessa päivityksessä ollut kyse tahallisesta vai tahattomasta teosta.

    Voivatko häiriöt laajeta entisestään?

    ”Maailmalla infrastruktuuri ja peruspalvelut ovat häiriintyneet, mutta en usko, että ongelmat tästä enää paljon laajenevat, kun tiedetään, mistä etsiä vikaa”, Järvinen vastaa.

    ”Mutta kyllähän tämä jälleen kerran kertoo siitä, miten haavoittuvaisia me länsimaiset yhteiskunnat olemme. Yhdellä hakkeroinnilla voi olla arvaamattomia vaikutuksia, jos joku pääsee kriittiseen paikkaan tekemään hakkeroinnin. Kyse ei ole murtautumisesta sataan eri yritykseen. Se riittää, kun murtaudutaan johonkin sopivan kriittiseen paikkaan ja vaikutus heijastuu kaikkialle”, hän jatkaa.

    Järvinen myös huomauttaa, kuinka jo pitkään on varoiteltu mahdollisesta ongelmista, jos kaikilla yrityksillä on samanlaiset tietoturvaohjelmat ja sovellukset käytössään.

    ”Tämä monokulttuuri. On varoitettu siitä, että jos kaikilla on samanlaiset windowsit, samanlaiset tietoturvaohjelmat ja sovellukset, yksi vika voi pysäyttää kaiken. Olisi erittäin terveellistä, että käytössä olisi erilaisia ympäristöjä, versioita ja eri palveluntarjoajia. Se, että kaikki on yhdenmukaista, on kustannustehokasta. Tällaisissa tilanteissa se kuitenkin kostautuu”, hän pohtii.

    Reply
  20. Tomi Engdahl says:

    Technically CrowdStrike is doing its job. Your data is still secure. Even from you.

    Reply
  21. Tomi Engdahl says:

    CrowdStrike fixes start at “reboot up to 15 times” and get more complex from there
    Admins can also restore backups or manually delete CrowdStrike’s buggy driver.
    https://arstechnica.com/information-technology/2024/07/crowdstrike-fixes-start-at-reboot-up-to-15-times-and-get-more-complex-from-there/?fbclid=IwZXh0bgNhZW0CMTEAAR0NX3dPUxldz0TJ4WNHHMw4NdKlkLKIvwqhNQiqb50hmo3QGqWzydKW9SM_aem_MGVKyx9ow-ODueKapRfOrg

    Airlines, payment processors, 911 call centers, TV networks, and other businesses have been scrambling this morning after a buggy update to CrowdStrike’s Falcon security software caused Windows-based systems to crash with a dreaded blue screen of death (BSOD) error message.

    We’re updating our story about the outage with new details as we have them. Microsoft and CrowdStrike both say that “the affected update has been pulled,” so what’s most important for IT admins in the short term is getting their systems back up and running again. According to guidance from Microsoft, fixes range from annoying but easy to incredibly time-consuming and complex, depending on the number of systems you have to fix and the way your systems are configured.

    Microsoft’s Azure status page outlines several fixes. The first and easiest is simply to try to reboot affected machines over and over, which gives affected machines multiple chances to try to grab CrowdStrike’s non-broken update before the bad driver can cause the BSOD. Microsoft says that some of its customers have had to reboot their systems as many as 15 times to pull down the update.

    If rebooting doesn’t work
    If rebooting multiple times isn’t fixing your problem, Microsoft recommends restoring your systems using a backup from before 4:09 UTC on July 18 (just after midnight on Friday, Eastern time), when CrowdStrike began pushing out the buggy update. Crowdstrike says a reverted version of the file was deployed at 5:27 UTC.

    If these simpler fixes don’t work, you may need to boot your machines into Safe Mode so you can manually delete the file that’s causing the BSOD errors. For virtual machines, Microsoft recommends attaching the virtual disk to a known-working repair VM so the file can be deleted, then reattaching the virtual disk to its original VM.

    Reply
  22. Tomi Engdahl says:

    Suomi säästyi pahimmalta tietoliikennekaaokselta – ja siihen on yksi syy
    Päivitysongelma koski lähinnä suuryhtiöitä, jotka ovat yhdysvaltalaisen tietoturvayrityksen asiakkaita. Niitä ei Suomessa paljoa ole, mutta vaikutukset heijastuivat meille asti.
    https://yle.fi/a/74-20100548

    Reply
  23. Tomi Engdahl says:

    https://yle.fi/a/74-20100448
    Ohjelmistovirhe sotki maailmalla lentoja, maksuja ja sairaanhoitoa – suomalaisasiantuntija: ”Ihan uudella levelillä”
    Useilla lentokentillä on kerrottu olevan teknisiä häiriöitä. Yhdysvalloissa ongelmat ulottuvat lentoyhtiöiden lisäksi sairaaloihin. Perjantaina iltapäivällä kerrottiin, että ongelma on korjattu.

    Reply
  24. Tomi Engdahl says:

    Hackers can’t get in if your shit doesn’t boot in the first place, right?
    It’s effective! Can’t be hacked if it doesn’t boot!

    Reply
  25. Tomi Engdahl says:

    [Verse]
    Woke up to the screams in the night
    Digital storm crashin’ fright
    Windows broken data gone
    Crowdstruck hittin’ everyone

    [Verse 2]
    No gate no shops not our flights
    Software brewin’ chaos they feastin’
    Corporate giants trembling fallin’
    Microsoft broken they’re callin’

    [Chorus]
    Crowdstruck the walls come down
    Crowdstruck the sirens sound
    Crowdstruck we lost control
    Crowdstruck it’s takin’ its toll

    [Verse 3]
    Fingers pointin’ no one’s safe
    Shadow codes like ghosts they rave
    Bug is spreadin’ panic all over
    Blue screens crash hard can’t recover

    [Verse 4]
    Promises crumblin’ shattered trust
    Digital wasteland turned to dust
    Bleedin’ bits of broken dreams
    Cyber siege the system screams

    [Chorus]
    Crowdstruck the walls come down
    Crowdstruck the sirens sound
    Crowdstruck we lost control
    Crowdstruck it’s takin’ its toll

    Reply
  26. Tomi Engdahl says:

    RGE = resume generating event

    Reply
  27. Tomi Engdahl says:

    Claim from
    https://www.facebook.com/share/p/PKcj4PMVyTWCVMcX/

    I was curious about this too. I initially slammed them for bad internal quality assurance. But it appears that the file was corrupted en route from devs to the update server. The file is all 000s, totally blank. Not sure how that occurs as it’s not an issue I’ve had to deal with…ever lol

    Reply
  28. Tomi Engdahl says:

    If you survived Y2K, Log4j, and today’s Crowdstrike outage you’ve been doing this sheyt for too long

    Reply
  29. Tomi Engdahl says:

    A defective CrowdStrike driver update due to gross negligence caused Windows to crash (blue screen). Every single affected device requires ON-SITE repair unless they have console access such as iDRAC. IT is overwhelmed and it will be weeks before they can fix everything.

    Reply
  30. Tomi Engdahl says:

    It really was an update that went bad. I don’t know this guy, but I like his tweet:

    “This is a wake up reminder that you shouldn’t have an internet connected privileged binary running on your production systems. What was a bad update could have easily been a massive adversary backdoor. A third party vendor will always be the weakest link. Isolate critical systems”

    https://x.com/cstanley/status/1814366321510916570

    Reply
  31. Tomi Engdahl says:

    A Reminder that updates need to be tested in a lab environment prior to being implemented in production.

    Reply
  32. Tomi Engdahl says:

    Luděk Kvapil it looks like they didn’t test it in ANY device because the failure is 100% on ANY Windows device, not just some corner cases with odd configuration. I suppose the Windows update is only for Windows (not same for other OSes) so it is 100% failure. It could have been detected had they just tried to update it in some random Windows machine so they had not done ANY testing at all.

    Luděk Kvapil shouldn’t this have been solved by restoring from a restore point?

    Reply
  33. Tomi Engdahl says:

    CrowdStrike, a company that provides cybersecurity software, released an update to improve their protection tools. Unfortunately, this update caused a significant problem, leading many Windows computers using their services to crash and continuously restart. This issue affected crucial services such as airlines and emergency systems. Not all Windows users were affected—only those whose companies use CrowdStrike’s security software; but because this is a popular cybersecurity solution for businesses, millions were effected.

    To fix the problem, users had to manually re-boot each effected computer into Safe Mode and delete specific files located in the C:\Windows\System32\drivers\CrowdStrike directory. This action stopped the faulty part of the software from running, allowing the computers to function normally again. Their stock took a huge dip yesterday after the news hit.

    Reply
  34. Tomi Engdahl says:

    They pushed an update with a content file with all zeros in it. The crowdstrike kernel module (piece of code with subroutines that can include a lot of different very low level actions) was not equipped to handle a file full of null values, so it just kept crashing every time it tried to read it, sending the windows OS into a boot loop.

    Reply
  35. Tomi Engdahl says:

    The worst nightmare for any Cybersecurity person …. a massive outage due to an ‘insider threat’.

    Technically though it falls under the category of supply chain.

    Crowdstrike ran a patch without testing before production and deployment.

    Reply
  36. Tomi Engdahl says:

    One CrowdStrike dev, one faulty update, global chaos. Proof that one person *can* change the world (even if not in the way they intended).

    Reply
  37. Tomi Engdahl says:

    This isn’t just a CrowdStrike issue. It’s endemic in IT. Everything is JFDI priority 1. Real engineering takes a back seat to delivery and immediate stakeholder value because senior leadership treats teams like tech bros facing shareholders. Short-term fixes over long-term solutions lead to technical debt and burnout, no doubt combined with understaffing. We can all point and laugh but if you work in IT engineering I guarantee you are in a similar if smaller boat.

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

*

*