Malone IT Group, Inc.’s Post

Global computer shutdown problem due to the faulty update from cybersecurity provider CrowdStrike knocked thousands of PCs and servers offline with a Blue Screen of Death (BSOD) error. The temporary solution to fix. 1. Boot Windows into Safe Mode or the Windows Recovery Environment  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory  3. Locate the file matching “C-00000291*.sys”, and delete it 4. Boot the host https://lnkd.in/gS6PTZT4

Alert: CrowdStrike Windows Outage and Immediate Steps to Take! 🚨 An unexpected CrowdStrike update has led to widespread Windows system crashes. Organizations globally, including major broadcasters and transport hubs, have been severely affected. For immediate relief, CrowdStrike engineers recommend the following steps: 1. 🛠 Reboot in Safe Mode or Windows Recovery Environment (WRE) 2. 🗂 Navigate to C:\Windows\System32\drivers\CrowdStrike 3. 🗑 Delete the file matching "C-00000291\*.sys" 4. 🔄 Boot your system normally CrowdStrike's CEO, George Kurtz, has clarified that the outage was due to a botched update and not a cyberattack. Fixes are being deployed, and continuous updates are expected to be communicated through official channels. ℹ️ For sysadmins, bear in mind, this workaround isn't scalable and might take time. For large-scale enterprises, patience is key! For further insights and updates https://lnkd.in/gV_yMj3n Here's to overcoming tech hurdles together! 💪 #Cybersecurity #CrowdStrikeOutage #TechNews #Windows

🔒 Security Update: CrowdStrike Falcon Incident Today, The Register reported an incident involving CrowdStrike's Falcon sensor causing Blue Screen of Death (BSOD) on several systems. CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes. Workaround Steps: 1. Boot Windows into Safe Mode or the Windows Recovery Environment 2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory 3. Locate the file matching “C-00000291*.sys”, and delete it. 4. Boot the host normally. #CyberSecurity #InfoSec #CrowdStrike #SecurityNews #IncidentManagement #BSOD Read more about the incident here: https://lnkd.in/gzSAXR5t

Global Outage Hits CrowdStrike, Causing BSOD Errors Worldwide A significant outage has struck CrowdStrike, a leading cybersecurity platform known for providing advanced security solutions for Windows PCs. The outage follows a recent update from CrowdStrike, leaving many users in a lurch as they await further information and a resolution from the company. How to Fix CrowdStrike BSOD Error: 1. Restart Windows: Boot into Troubleshooting Mode. 2. Open a Command Prompt: Navigate to the Command Prompt from the Troubleshooting options. 3. Navigate to the CrowdStrike Drivers Directory: Enter the following command to go to the CrowdStrike drivers folder: bash cd C:\Windows\System32\drivers\CrowdStrike 4.Delete the Problematic File: Locate the file that matches the pattern C-00000291* sys and delete it using: bash del C-00000291* sys [Alternatively: Rename the file CSAgent.sys to avoid system crashes. For example, you can rename it to donotcrash.sys using:] bash ren CSAgent.sys donotcrash.sys 5.Restart Your Computer: Exit the command prompt and continue with the normal startup procedure.

In the June 2024 Patch Tuesday, Microsoft released updates to address over 50 security vulnerabilities in Windows and related software. Notably, they responded to criticism about a new feature called Recall, which constantly takes screenshots of users’ activities on their PCs. Security experts raised concerns about it being a potential gold mine for attackers. Microsoft has now disabled Recall by default on Copilot+ PCs. The most urgent patch this month is for a flaw in the Microsoft Message Queuing (MSMQ) service, which could allow remote code execution. https://lnkd.in/eU9wX3_a #Microsoft #Windows #Recall #MSMQ #YourPartnerInSuccess

Read our analysis of CrowdStrike's outage report and learn how customers and security vendors can use the flexibility and integrated capabilities of Windows for increased security and reliability: https://msft.it/6043ljubz

Is Windows TPM-based BitLocker Encryption Under Attack? Diving deep into TPM and BitLocker interactions reveals potential vulnerabilities that could be exploited under specific conditions. It seems accessing encryption keys from the Windows Recovery Environment without altering the boot process could provide unprecedented access to encrypted data. This raises important questions about the balance between usability and security in default encryption configurations. #Cybersecurity #BitLocker #TPM #DataProtection https://lnkd.in/dGH27bVe

Crowdstrike was able to do, by incompetence, what malicious actors have been trying to do for years. With one untested update, Crowdstrike crippled major companies across all sectors of the world's economy. Some outages could take weeks to restore. So in addition to protecting our networks against foreign attackers, cyber security professionals now have to worry about automated updates sent by the very software being used to protect against those attacks. What a wonderful world we've created.

Reading through the fallout of this disruption in CrowdStrike Falcon monitored Windows assets. Dont be too quick to judge CrowdStrike here…. A couple of thoughts. 1) If you have ever wondered why patch management strategy is so important - here is exhibit A. 2) I’m watching Microsoft quietly sit back and let CrowdStrike take the public bashing over their bad patch that caused the issue WITH CrowdStrike. 3) I’m watching the arguably most effective single security vendor on the planet get punished for yet another Microsoft quality issue. 4) This is why I’m proud to work with an org that deliberately delays pushing of updates until QA has been given a moment to validate the viability of the cumulative patching. Medicus IT By the way. This Msft patch impacted some Citrix Client as well. July patch roll up is the culprit. Patching is ultra important. Perfecting a patch management policy is importanter! 🤓 Be Saavy

The Cybersecurity Stories that Defined 2024 What are The Cybersecurity Stories that Defined 2024? CrowdStrike meltdown: "A faulty configuration update to CrowdStrike’s Falcon Sensor security software caused system crashes to Windows systems running the software in July. The content update to Channel File 291 caused an out-of-bounds memory read in the Windows sensor client, crashing affected Windows PCs and servers and sent them into a bootloop. An estimated 8.5 million Microsoft Windows systems were affected." Read more here: https://lnkd.in/gTsncQDk And here: https://lnkd.in/gVKCu9MD