IT Solutions Support Advisory – Microsoft Windows Outages
We are aware of the global CrowdStrike issue, which has caused widespread system crashes worldwide, affecting only Windows-based workstations and servers. Due to the nature of the issue, manual intervention is required on each system to correct it.
The following steps can be used to work around this issue and are further explained in our How-to-Video below:
Boot Windows into Safe Mode or the Windows Recovery Environment.
Use File Explorer to navigate to the C:WindowsSystem32driversCrowdStrike directory.
Locate the file matching ‘C-0000029*.sys’ and delete it.
Reboot the host normally.
IT Solutions’ Clients:
If your machine is protected by BitLocker, you may be prompted to enter an encryption key; if so, please contact the ITS help desk directly for assistance.
If you need any other assistance with these instructions, please contact the ITS help desk directly at helpdesk@itsolutions-inc.com or 215-886-7166. Please be aware that there may be delays and longer wait times than usual due to the high volume of support requests.
More Information on the Outage
On July 19, 2024, a routine update from CrowdStrike resulted in an unexpected and significant disruption for Microsoft Windows users globally. The update was intended to enhance security features but inadvertently caused system crashes on Windows-based workstations and servers. This issue stemmed from a conflict between the CrowdStrike Falcon Sensor, a key component in their endpoint detection and response system, and specific Windows system files.
What is CrowdStrike? CrowdStrike is a leading cybersecurity company that specializes in providing advanced threat intelligence, endpoint protection, and proactive security solutions. Founded in 2011, CrowdStrike has developed the Falcon platform, which leverages artificial intelligence and machine learning to detect and prevent cyber threats in real-time. The company’s products are widely used by organizations to safeguard their digital assets from sophisticated cyberattacks.
How It Happened: The problematic update was pushed as part of CrowdStrike’s regular maintenance and security enhancement efforts. However, a critical error in the update led to the corruption of essential system files, particularly those related to the CrowdStrike driver directory (please see above for corrupted file that can be deleted). This corruption resulted in systems being unable to boot properly, leading to widespread outages.
Impact: The fallout from this update has been extensive, impacting various sectors including healthcare, finance, and critical infrastructure. Many organizations have reported significant disruptions, with some experiencing complete shutdowns of their operations. Airports, hospitals, and large corporations have been among the most severely affected, highlighting the critical nature of robust cybersecurity practices and contingency planning.
Current Measures: CrowdStrike has acknowledged the issue and is working on deploying a fix. In the meantime, they have provided guidelines for manual intervention to mitigate the immediate impacts. These steps involve booting into Safe Mode, deleting the corrupted files, and rebooting the systems. Additionally, CrowdStrike’s support teams are actively assisting affected clients, although they are experiencing high volumes of service requests, leading to potential delays.
Future Prevention: To prevent such incidents in the future, CrowdStrike is conducting a thorough review of their update protocols and quality assurance processes. This includes enhanced testing environments and more rigorous pre-deployment evaluations to ensure that similar conflicts are identified and resolved before updates are released to the public.