Businesses worldwide are facing disruptions due to a faulty update released by cybersecurity company CrowdStrike affecting Windows workstations.
The CEO of CrowdStrike, George Kurtz, has confirmed the issue with a single content update for Windows hosts but assured that Mac and Linux hosts are not affected. The company is actively working on resolving the issue and has deployed a fix for its Falcon Sensor product.
A fix has also been released for systems impacted by the problem. Customers are advised to follow the mitigation instructions provided:
- Boot Windows in Safe Mode or Windows Recovery Environment
- Navigate to the C:WindowsSystem32driversCrowdStrike directory
- Delete the file named “C-00000291*.sys”
- Restart the computer or server normally
Google Cloud Compute Engine has also been affected, causing Windows virtual machines using CrowdStrike’s csagent.sys to crash and reboot unexpectedly.
Other cloud providers like Microsoft Azure and Amazon Web Services have taken measures to mitigate the issue and restore connectivity for affected instances.
Security researcher Kevin Beaumont highlighted the severity of the incident caused by the defective driver pushed by CrowdStrike through an automatic update.
The incident has impacted various sectors globally, leading to significant disruptions and financial losses for businesses. The recovery process is expected to take days as affected endpoints need to be manually fixed.
This incident emphasizes the need for diversified IT infrastructure and multiple fail-safes to prevent such wide-reaching issues. It also underscores the importance of gradual rollout of system changes to observe and mitigate potential impacts.
Microsoft is also recovering from a separate outage impacting Microsoft 365 apps and services, emphasizing the fragility of monocultural supply chains in technology ecosystems.
The incidents with Microsoft and CrowdStrike highlight the importance of diversity in technology stacks for resilience and security in the face of systemic faults.
