A significant issue in Crowdstrike is leading to a shutdown of many systems worldwide.
The issue is not the result of a cyberattack, but of a recent Falcon Sensor update, after which many Windows users are experiencing a Blue Screen of Death (BSOD) error. Other operating systems are not affected. Moreover, it is still unclear which versions of the Falcon agent are impacted.
The issue has led to major outages in multiple countries and in organizations such as banks, airlines, media outlets, hospitals, telecom providers and more. It is also raising safety concerns, as flights are being grounded, emergency services are being suspended and hospitals are back to "pen and paper".
After hours of global panic, Crowdstrike has finally isolated the issue and released a fix.
However, since most Windows computers are still caught in a BSOD loop, manual intervention might be required. In these cases, the recommendation is to delete a channel file in the Crowdstrike driver (C-00000291*.sys) and reboot in safe mode. According to the firm, the channel file with a timestamp of 0527 UTC or later is the correct one.
Crowdstrike also released a query to help its customers identify affected assets.
Zafran will assist its customers and provide them with a list of affected assets, as well as relevant mitigations, as soon as available. Please contact us for further assistance.
Update (as of July 21, 6AM EST): Crowdstrike announced that it is “now close to rolling out an automatic fix” and that 8.5 million Windows devices have been affected worldwide.