Crowdstrike: An Epic Mistake

Learn about why Crowdstrike happened and how easily it could have been prevented.


A Change In Pace 💣️ 

Hey everyone, we’ve been taking time lately to restructure how we post and our content line, and have recently taken on some new positions in our careers! We’re excited to be updating our quality with new graphics, remodeled emails, and even deeper posts. We also want to update our posting schedule: for the next two weeks we will post only twice a week, then return to the regular three a week at the end of August.

Update Devastation


You wake up and head to the office on a Friday, a routine day with a routine patch. Oddly enough, not long after, you start to see panic on social media about everything stopping in its tracks…

July 19th is when Crowdstrike’s services crashed across the globe, grounding over 11,000 flights on the first day alone, with almost 30,000 more delayed a few days later. Healthcare was also substantially impacted, as the electronic health record (EHR) systems that staff rely on were brought down as well.

Fortunately, assistance was swift, and Crowdstrike leapt into action to help its customer base. A hasty fix was found and shared with its many customers; however, it was still a laborious task to implement, since it had to be applied by hand on each affected machine.

Cybersecurity Check: See How You Stack Up

Ever wonder how your cybersecurity measures stack up against your peers?

With Critical Start's Quick Start Risk Assessments, you're just 15 questions away from discovering how your organization’s security compares with industry standards.

It's a quick, free way to find your strengths and get actionable steps to improve your defenses, so you can set yourself apart as a cybersecurity leader.

Why wait? Take the assessment and up your security game in minutes!

Best for: Organizations with 500+ employees.

How Did This Happen?

An update that was part of an ongoing maintenance operation led to the crash felt around the world. A content update containing a bug in its Falcon EDR platform was pushed to Windows machines on July 19th. Such updates are usually routine: they modify configuration files (called “Channel Files”) for the Falcon endpoint sensors and are pushed several times a day.

Crowdstrike went on to clarify the exact cause of the crash in order to dispel rumors as quickly as possible:

“The update that occurred at 04:09 UTC was designed to target newly observed, malicious named pipes being used by common C2 frameworks in cyberattacks. The configuration update triggered a logic error that resulted in an operating system crash.”

Because the faulty channel file was loaded by the sensor during startup, the crash repeated endlessly on every reboot (a boot loop) until Crowdstrike rushed to inform its customers of a manual fix:

1. Boot your Windows computer into Safe Mode or the Windows Recovery Environment.

2. Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.

3. Locate the file matching "C-00000291*.sys" and delete it.

4. Boot the host normally.

(Workaround steps as published by Crowdstrike)
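The four steps above can be scripted for responders who have to repeat them on many hosts. The script below is an added example, not Crowdstrike’s own tooling: it locates the channel file named in the fix, records its name, size, hash and timestamp for later reference, and moves it to a quarantine folder instead of deleting it, so the step can be reversed. The -OsDrive parameter is an assumption for use under the Windows Recovery Environment, where the offline Windows installation is usually not the current system drive.

```powershell
# Added example (not from the newsletter or from CrowdStrike): a reversible,
# scripted version of the published workaround. Run from an elevated
# PowerShell prompt in Safe Mode, or from WinRE with -OsDrive set to the
# letter of the offline Windows installation (e.g. -OsDrive 'C:').
param(
    [string]$OsDrive = $env:SystemDrive,   # under WinRE this is usually X:, so pass it explicitly
    [string]$Pattern = 'C-00000291*.sys',  # file name pattern given in the fix
    [switch]$WhatIf                        # show what would be moved, touch nothing
)

$driverDir     = Join-Path $OsDrive 'Windows\System32\drivers\CrowdStrike'
$quarantineDir = Join-Path $OsDrive 'CrowdStrike-Quarantine'   # assumed folder name

if (-not (Test-Path -LiteralPath $driverDir)) {
    throw "CrowdStrike driver directory not found: $driverDir"
}

$channelFiles = Get-ChildItem -LiteralPath $driverDir -Filter $Pattern -File
if (-not $channelFiles) {
    Write-Host "No file matching $Pattern in $driverDir; nothing to do."
    return
}

# Record what is present before touching anything, so the removed file can be
# identified (and restored from quarantine) later.
$channelFiles |
    Select-Object Name, Length, LastWriteTimeUtc,
        @{ Name = 'SHA256'; Expression = { (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } } |
    Format-Table -AutoSize

if (-not $WhatIf -and -not (Test-Path -LiteralPath $quarantineDir)) {
    New-Item -ItemType Directory -Path $quarantineDir | Out-Null
}

foreach ($file in $channelFiles) {
    $dest = Join-Path $quarantineDir $file.Name
    if ($WhatIf) {
        Write-Host "WhatIf: would move $($file.FullName) -> $dest"
    } else {
        # Move rather than delete: the original can be put back if needed.
        Move-Item -LiteralPath $file.FullName -Destination $dest -Force
        Write-Host "Moved $($file.Name) to $quarantineDir"
    }
}

Write-Host "Done. Boot the host normally."
```

Run it once with -WhatIf to confirm it finds exactly the expected file before letting it move anything.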

Thanks for tuning in everyone, remember to subscribe, share our newsletter and follow us on our social media! We love to hear from you guys!
