Businesses worldwide are facing disruptions to their Windows workstations due to a faulty update from cybersecurity firm CrowdStrike. The CEO, George Kurtz, confirmed that the issue only affects Windows hosts, with Mac and Linux hosts unaffected. CrowdStrike has identified the problem and released a fix for its Falcon Sensor product.
For affected systems, the following mitigation steps are recommended:
- Boot Windows in Safe Mode or Windows Recovery Environment
- Navigate to the C:\\Windows\\System32\\drivers\\CrowdStrike directory
- Delete the file named “C-00000291*.sys”
- Restart the computer or server
Google Cloud Compute Engine has also been impacted, causing Windows virtual machines using CrowdStrike’s csagent.sys to crash and reboot unexpectedly.
Microsoft Azure and Amazon Web Services have taken steps to mitigate the issue for affected virtual machines and instances. Security researcher Kevin Beaumont obtained the faulty CrowdStrike driver and noted its impact on Windows systems.
Various industries, including airlines, financial institutions, hospitals, and more, have been affected by the outage. CrowdStrike’s shares have dropped, and the recovery process is expected to take days.
The incident highlights the importance of implementing fail-safes and diversifying IT infrastructure to prevent widespread disruptions. It also emphasizes the need for diversity in technology stacks for greater resilience and security.
Microsoft recently experienced its own outage, underscoring the fragility of monocultural supply chains. Omkhar Arasaratnam, general manager of OpenSSF, stressed the importance of diversity in technology ecosystems for resilience and security.
Follow us on Twitter and LinkedIn for more exclusive content.