CrowdStrike Outage: Latest Updates and Best Practices 

nathan
By Naganathan S J
Staff Security Engineer - Research
July 19, 2024

Incident Overview 

Today, CrowdStrike reported a significant outage affecting multiple services, including their Falcon platform. The CrowdStrike team is actively working to resolve the issue and restore full functionality. Users are advised to monitor CrowdStrike’s official status page for real-time updates and follow any recommended actions provided by the company. 

The recent outage of CrowdStrike has caused a global disruption for users of Microsoft Windows computers. This has affected not only corporate offices but also critical sectors like banks, supermarkets, telecommunications, and airports across the world. The primary issue has been identified as a defect in a single content update for Windows hosts, which resulted in the notorious “Blue Screen of Death” (BSOD). 

CrowdStrike CEO Statement: “CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated, and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels.” 

For detailed updates, refer to CrowdStrike’s official statement

Mitigation Steps 

To mitigate the issues caused by the recent update, CrowdStrike has reverted the changes made. If hosts are still experiencing crashes and are unable to stay online to receive updates, CrowdStrike recommends the following steps: 

  1. Boot Windows into Safe Mode, 
  1. Navigate to the directory C:\Windows\System32\drivers\CrowdStrike and locate the file matching the pattern “C-00000291*.sys”, 
  1. Delete the file, and 
  1. Reboot the host normally. 

Responding to the Current CrowdStrike Outage 

During the current CrowdStrike outage, it is crucial to stay informed by following CrowdStrike’s official status page, social media channels, and any direct communications for the latest updates. Keeping up-to-date information helps in making timely decisions and coordinating with your team effectively. 

Activate your incident response plan, using alternative security measures to monitor and protect your systems while CrowdStrike services are being restored. Swift action can prevent potential security breaches and minimize the impact on your operations. 

Prioritize the security of your most critical assets and data by increasing monitoring and access controls to prevent potential breaches during the outage. This proactive approach ensures that your sensitive information remains secure even when primary security measures are compromised. 

Engage with CrowdStrike support for specific guidance and support during this outage, documenting all communications and following their recommendations closely. Direct engagement with CrowdStrike can provide tailored solutions and expedite the resolution process. 

Mobilize predefined crisis management teams to ensure consistent communication with users. Keep security operation teams alert for new threat intelligence and unusual activities. Utilize IT technical professionals to assist PC end users with the published workaround, ensuring support without granting direct access to recovery tools or elevated privileges. 

Conclusion 

With the right preparations and best practices, your team can navigate this effectively. Stay informed, activate contingency plans, and prioritize communication to maintain your security posture during such events. As the situation evolves, we will continue to monitor updates from CrowdStrike and provide updated recommendations. 

Topics





Recent Posts








Top Tags


Gartner Research Report

2023 Gartner® Critical Capabilities for SD-WAN

Versa Networks has been positioned in the highest ranked three vendors for all five Use Cases in the 2023 Gartner® Critical Capabilities for SD-WAN Report.