CrowdStrike states: "The issue has been identified, isolated and a fix has been deployed." It would seem that the official fix is as follows:
Workaround Steps:
1. Boot Windows into Safe Mode or the Windows Recovery Environment
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
3. Locate the file matching “C-00000291*.sys”, and delete it.
4. Boot the host normally.
As someone who is not a sysadmin, how the hell is locally logging in to millions of servers and devices stuck in a bootloop a "fix"? I understand that Windows Safe Mode is unavailable in encrypted devices, what do then?
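The workaround steps quoted above, as a dry-run-capable script (an added example, not part of the original post and not CrowdStrike's own tooling). It assumes PowerShell is available in the boot environment used; the `$Pattern` parameter and `$relative` variable are names chosen for this example, and it goes slightly beyond the quoted steps by checking every mounted volume instead of only C:.

```powershell
# Added example: remove the channel file named in the quoted workaround.
# Assumption: run from Safe Mode, or from a recovery image that ships PowerShell.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Hypothetical parameter; default is the pattern from the workaround steps.
    [string]$Pattern = 'C-00000291*.sys'
)

# Directory from the workaround steps, relative to the volume root.
$relative = 'Windows\System32\drivers\CrowdStrike'

# The Windows volume may not be mounted as C: in a recovery image, so check
# every filesystem drive. A still-locked BitLocker volume will simply not
# expose the directory and is skipped.
$dirs = Get-PSDrive -PSProvider FileSystem |
    ForEach-Object { Join-Path $_.Root $relative } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Container }

if (-not $dirs) {
    Write-Warning "No $relative directory found on any mounted volume."
    return
}

foreach ($dir in $dirs) {
    # -Filter keeps the match to the one channel-file pattern; other
    # files in the directory are left untouched.
    $hits = Get-ChildItem -LiteralPath $dir -Filter $Pattern -File -Force
    if (-not $hits) {
        Write-Host "$dir : no file matching $Pattern"
        continue
    }
    foreach ($file in $hits) {
        # Print path, size and timestamp so the removal can be logged.
        '{0}  {1,10} bytes  {2:u}' -f $file.FullName, $file.Length, $file.LastWriteTimeUtc |
            Write-Host
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete channel file')) {
            Remove-Item -LiteralPath $file.FullName -Force
        }
    }
}
```

Running the script with `-WhatIf` lists the matching files without deleting anything.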
how the hell is locally logging in to millions of servers and devices stuck in a bootloop a "fix"?
It's a fix as in it fixes the bootloop without having to format the whole system. The systems affected will bootloop as they will BSOD while Windows is booting and there is NOTHING else to be done if the update reached the system.
I understand that Windows Safe Mode is unavailable in encrypted devices, what do then?
It is available, but you need the BitLocker recovery key, and good luck finding the key on the AD domain controllers if those are affected by the boot loops (though keys can also be backed up on Microsoft Azure AD/Entra or if the sysadmin implemented another policy to back them up from AD). Bonus points if the devices are BIOS protected or have additional early boot security measures.
I saw a picture posted of Delta airport personnel going to every single airport check-in terminal and kiosk (like where you weigh your bag) and doing this manual fix.
A security update of Windows from them that their software pushed out. MS is very good at bricking their own machines with updates, but this one was Crowdstrike's doing not MS's doing.
I wonder if I can use this (on top of everything else) as a bludgeon for my IT when they brainlessly rattle off 'Um, dur, you need to upgrade to Windows 11 cause Windows says so durrrrr'
You'd think they'd be the first to put a grinding halt on this shit, but noooooo...
Welp, next time don't push updates directly to production without thorough testing. For fuck's sake we're talking about code running in kernel mode. Maybe gamers will realise this kind of shit WILL happen (the bootloops) to them when Riot fucks up an update to Vanguard (or other anticheats, but at least the others will only cause a BSOD when the protected game starts up).
And now for the finger-pointing game of Crowdstrike blaming a Windows update and Microsoft blaming them in return. While yes the kernel APIs are stable, AVs will often use undocumented stuff/methods that are subject to change with no notice.
The scariest thing about this is finding out the company that helped cover up Hillary's emails has access to airlines and 911 systems all over the world.
I went to work, did my work all on Office based programs and some custom web apps. Left work and didn't know anything was wrong until I decided to stop at Woolworths for some food on the way home and they had people at the door saying they are only accepting cash today (the irony) - but the Foodland right next door was fine so I went there instead as it's very hard to carry cash where I live due to the banks fucking off all their ATMs in favour of you using the tills as ATM .... in Woolworths.
And I'M the paranoid one not wanting everything to be digital..
All I have to do is look at my car windows with dead motors to know that not having a manual/analog option is a bad idea.
hell, a regular old wired motor is still analog. sometimes you gotta go all the way back to mechanical for things to start being reliable again.
play stupid games (outsourcing to india), win stupid prizes
This is the same company that created the made-up Trump-Russia dossier.
They're not sending their best...or maybe they are.
yes and yes
In other words, it's a fuckin disaster and sysadmins around the world are screaming.
What a clusterfuck!
We've not been hit but I have friends at other companies that have had issues since the outage began.
Not fun and what is worse is people still trust crowdstrike.
It's mostly a service offered to companies and professional users. Crowdstrike blames a security update of Windows.
Well Musk supposedly just got rid of it on all his systems. Not sure what he replaced it with
The competency crisis wasn’t a meme.
I remember the giant Ubuntu crash, where all Linux systems crashed at the same ti- oh wait, that never happens. Hmm. I wonder why?