1.0 Introduction
Recently, MyCERT received information from multiple sources regarding a critical issue with a CrowdStrike Falcon Sensor update, which caused a global outage of multiple systems that are using Microsoft Windows.
2.0 Impact
PC/Hosts using Microsoft Windows with CrowdStrike Falcon installed might experience crashes and be unable to boot into Windows properly.
3.0 Affected System and Devices
PC/Hosts using Microsoft Windows with CrowdStrike Falcon installed
4.0 Recommendations
CrowdStrike has provided a temporary workaround to resolve this issue as follows:
Workaround Steps from CrowdStrike:
1. Boot Windows into Safe Mode or the Windows Recovery Environment
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
3. Locate the file matching “C-00000291*.sys”, and delete it.
4. Boot the host normally.
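Steps 2 and 3 can be scripted as follows. This is an added example, not code from CrowdStrike or MyCERT. It assumes an elevated PowerShell session on a host already booted into Safe Mode (step 1), and the parameter names `DriverDir` and `Pattern` are chosen here for illustration.

```powershell
# Added example: steps 2 and 3 of the workaround, with an audit record of what is removed.
# Assumption: run from an elevated PowerShell session after booting into Safe Mode.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Directory from step 2. Override if the Windows volume has a different drive letter.
    [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
    # File pattern from step 3.
    [string]$Pattern = 'C-00000291*.sys'
)

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Warning "Directory not found: $DriverDir (Falcon not installed, or wrong drive letter)."
    return
}

# -Force includes hidden or system files; -File skips directories.
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No file matching $Pattern in $DriverDir; nothing to delete."
    return
}

foreach ($file in $targets) {
    # Record name, size, timestamp and hash before deletion so the action can be audited.
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    Write-Output ("Found {0} size={1} modifiedUtc={2:u} sha256={3}" -f `
        $file.Name, $file.Length, $file.LastWriteTimeUtc, $hash)

    # ShouldProcess honours -WhatIf and -Confirm, so a dry run deletes nothing.
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
        Remove-Item -LiteralPath $file.FullName -Force
    }
}

# Verify the result before booting the host normally (step 4).
$left = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
if ($left.Count -eq 0) {
    Write-Output "No matching files remain. Boot the host normally."
} else {
    Write-Warning ("{0} matching file(s) still present in {1}." -f $left.Count, $DriverDir)
}
```

Pass `-WhatIf` to list the matching files and their hashes without deleting anything.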
Generally, MyCERT advises users of these devices to keep up to date with the latest security announcements by the vendor and to follow best practice security policies to determine which updates should be applied.
For further enquiries, please contact MyCERT through the following channels:
E-mail: cyber999[at]cybersecurity.my
Phone: 1-300-88-2999 (monitored during business hours)
Mobile: +60 19 2665850 (24x7 call incident reporting)
Business Hours: Mon - Fri 09:00 - 18:00 MYT
Web: https://www.mycert.org.my
Twitter: https://twitter.com/mycert
Facebook: https://www.facebook.com/mycert.org.my
5.0 References
1) https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES02&VLCODE=CIAD-2024-0035
2) CrowdStrike Customer Support Portal Tech Alert: https://supportportal.crowdstrike.com/s/article/Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19
3) Group-IB GLOBAL IT OUTAGE: BANKS, FLIGHTS AND MEDIA OUTLETS HIT BY CROWDSTRIKE SOFTWARE ISSUE ATTACK REPORT (19/7/2024)