{"id":23073,"date":"2024-07-19T18:56:08","date_gmt":"2024-07-19T14:56:08","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/crowdstrike-global-cyber-outages\/23073\/"},"modified":"2024-07-19T18:56:11","modified_gmt":"2024-07-19T14:56:11","slug":"crowdstrike-global-cyber-outages","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/crowdstrike-global-cyber-outages\/23073\/","title":{"rendered":"Global outage due to Friday&#8217;s release of CrowdStrike"},"content":{"rendered":"<p>Ever heard the unspoken rule: \u201cNever release on Friday\u201d? We have, but CrowdStrike hasn\u2019t. They released a tiny driver on an ordinary Friday morning, which became the cause of a huge outage all over the world.<\/p>\n<p>An incorrect update for CrowdStrike\u2019s EDR (Endpoint Detection and Response) solution has affected Windows devices around the world \u2014 <a href=\"https:\/\/x.com\/_johnhammond\/status\/1814178288220479565?s=46&amp;t=NOPDBSpOvyQ5d8ELQ2eNjw\" target=\"_blank\" rel=\"nofollow noopener\">giving<\/a> corporate users the <a href=\"https:\/\/en.wikipedia.org\/wiki\/Blue_screen_of_death\" target=\"_blank\" rel=\"nofollow noopener\">Blue Screen of Death (BSOD)<\/a>. The failure has affected, for example, airport information systems in the US, Spain, Germany, the Netherlands and other countries.<\/p>\n<p>Who else was affected by CrowdStrike\u2019s Friday release and how to roll back bricked computers \u2014 all in this post\u2026\n<\/p>\n<h2>What happened<\/h2>\n<p>\nIt all started early Friday morning with corporate users around the world reporting problems with Windows. 
At first, a glitch in Microsoft Azure was blamed, but later CrowdStrike <a href=\"https:\/\/www.cnbc.com\/2024\/07\/19\/crowdstrike-suffers-major-outage-affecting-businesses-around-the-world.html\" target=\"_blank\" rel=\"nofollow noopener\">confirmed<\/a> that the root cause was in the <em>csagent.sys<\/em> or <em>C-00000291*.sys<\/em> driver for its CrowdStrike EDR. And it was this driver that caused an abundance of silly office photos showing off the (dreaded) blue screens.<\/p>\n<div id=\"attachment_51752\" style=\"width: 970px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/07\/19185553\/crowdstrike-global-cyber-outages-01.jpeg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-51752\" class=\"wp-image-51752 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/07\/19185553\/crowdstrike-global-cyber-outages-01.jpeg\" alt=\"Blue screen of death on all computers = a day off for airport linemen\" width=\"960\" height=\"1280\"><\/a><p id=\"caption-attachment-51752\" class=\"wp-caption-text\">Blue screen of death on all computers = a day off for airport linemen<\/p><\/div>\n<p>If we wanted to list everyone affected by this outage, such a list sure wouldn\u2019t fit into this post \u2013 or dozens of them. So instead we\u2019ll briefly cover the main victims of CrowdStrike\u2019s negligence. Airline companies, airports, and people who want to either go home or go off on a long-awaited vacation were the most affected:\n<\/p>\n<ul>\n<li>London\u2019s Heathrow Airport, like many others, announced flight delays due to a technology glitch;<\/li>\n<li>Scandinavian Airlines posted a notice on its website saying, \u201cSome customers may experience difficulties with their bookings due to an IT issue affecting several countries. 
SAS is fully operational but delays are expected\u201d;<\/li>\n<li>In New Zealand, banking, communications and transportation systems are experiencing problems.<\/li>\n<\/ul>\n<p>\nVarious medical centers, chain stores, the New York subway, the largest bank in South Africa and many other organizations that make lives more comfortable and convenient on a daily basis were affected. The fullest list of those affected by the outage we can find is <a href=\"https:\/\/x.com\/spectatorindex\" target=\"_blank\" rel=\"nofollow noopener\">here<\/a> \u2014 and it\u2019s growing by the minute.\n<\/p>\n<h2>How to fix it<\/h2>\n<p>\nAt this stage, it\u2019s rather problematic to estimate how long it\u2019ll take to fully restore the affected computers around the world. Things are complicated by the fact that users need to manually reboot their computers in Safe Mode. And in large corporations, this is usually impossible to do on your own without the help of a system administrator.<\/p>\n<p>Nevertheless, <strong>here are the instructions for how to get rid of the blue screen of death caused by the CrowdStrike driver update:<\/strong>\n<\/p>\n<ol>\n<li>Boot your computer in Safe Mode;<\/li>\n<li>Go to <em>C:\\Windows\\System32\\drivers\\CrowdStrike<\/em>;<\/li>\n<li>Locate and delete the <em>csagent.sys<\/em> or <em>C-00000291*.sys<\/em> file;<\/li>\n<li>Restart your computer in normal mode.<\/li>\n<\/ol>\n<p>\nAnd while your sysadmins are doing this, you could use a hack that\u2019s come out of India today: employees of one of the country\u2019s airports have started filling out boarding passes\u2026 manually.<\/p>\n<div id=\"attachment_51753\" style=\"width: 684px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/07\/19185602\/crowdstrike-global-cyber-outages-02.jpeg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-51753\" class=\"size-full wp-image-51753\" 
src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/37\/2024\/07\/19185602\/crowdstrike-global-cyber-outages-02.jpeg\" alt=\"India isn't too worried about the global disruption\" width=\"674\" height=\"588\"><\/a><p id=\"caption-attachment-51753\" class=\"wp-caption-text\">India isn\u2019t too worried about the global disruption. <a href=\"https:\/\/x.com\/akothari\/status\/1814202068531552666?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Etweet\" target=\"_blank\" rel=\"nofollow noopener\">Source<\/a><\/p><\/div>\n<h2>How the failure could have been avoided<\/h2>\n<p>\nAvoiding this situation should have been straightforward. First, the update shouldn\u2019t have been released on a Friday. This is as per a rule that\u2019s been known to all in the industry since the year dot: if an error occurs, there\u2019s too little time to fix it before the weekend, so the system administrators at all companies affected need to work over the weekend to fix things.<\/p>\n<p>It\u2019s important to be as responsible as possible about the quality of updates released. We at Kaspersky launched a program back in 2009 to prevent mass failures such as this one at our customers, and <a href=\"https:\/\/www.kaspersky.com\/blog\/soc2-audit\/28001\/\" target=\"_blank\" rel=\"nofollow noopener\">passed an SOC 2 audit<\/a>, which confirms the security of our internal processes. For 15 years now, every update has been subjected to multi-level performance testing on various configurations and operating system versions. This allows us to identify potential problems in advance and resolve them on the spot.<\/p>\n<p>The principle of granular releases should be followed. Updates should be distributed gradually, not all at once to all customers. This approach allows us to react instantly and stop an update if necessary. 
If our users have a problem, we register it, and its solution becomes a priority at all levels of the company.<\/p>\n<p>As with cybersecurity incidents, in addition to fixing the visible damage, you need to find the root cause to prevent these types of problems repeating in the future. It\u2019s necessary to <a href=\"https:\/\/support.kaspersky.com\/help\/KSC\/14\/en-US\/181095.htm\" target=\"_blank\" rel=\"noopener\">check software updates on test infrastructure<\/a> for operability and errors before rolling them out to the company\u2019s \u201ccombat\u201d infrastructure, and to implement changes gradually \u2014 continually monitoring for possible failures.<\/p>\n<p>Incident handling should be based on an integrated approach to building protection from a trusted supplier with the strictest internal requirements for the security, quality and availability of its services. The basis for this work can be the <a href=\"https:\/\/go.kaspersky.com\/next?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kdaily_lnk_sm-team_______8bef525ada73b6ec\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Next<\/a> line of solutions. This will help your company not only stay afloat \u2014 but also increase the efficiency of your information security system. This can be done either gradually \u2014 increasing protection step by step \u2014 or all in one go. Protect your infrastructure today with us so that the next <a href=\"https:\/\/en.wikipedia.org\/wiki\/2024_CrowdStrike_incident\" target=\"_blank\" rel=\"nofollow noopener\">global outage<\/a> doesn\u2019t affect your customers.<\/p>\n<p>And we, for our part, can help you make this decision: <a href=\"https:\/\/go.kaspersky.com\/Kaspersky_Next_EDRO_promo?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kdaily_lnk_sm-team_______5f972f9b8894e0fe\" target=\"_blank\" rel=\"noopener nofollow\">switch to Kaspersky and unlock two years of Kaspersky Next EDR Optimum for the price of one<\/a>. 
Experience the pinnacle of robust, reliable cybersecurity protection!<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kaspersky-next\">\n","protected":false},"excerpt":{"rendered":"<p>The story of how CrowdStrike released an update on a Friday and brought down thousands, tens of thousands, or maybe even hundreds of thousands of computers around the world.<\/p>\n","protected":false},"author":2706,"featured_media":23075,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916,1917,1486,9],"tags":[2493,2581,2775,38,521,121,113],"class_list":{"0":"post-23073","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"category-threats","11":"category-tips","12":"tag-azure","13":"tag-driver","14":"tag-failure","15":"tag-microsoft","16":"tag-threats","17":"tag-updates","18":"tag-windows"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/crowdstrike-global-cyber-outages\/23073\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/crowdstrike-global-cyber-outages\/27743\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/crowdstrike-global-cyber-outages\/30423\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/crowdstrike-global-cyber-outages\/27954\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/crowdstrike-global-cyber-outages\/37918\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/crowdstrike-global-cyber-outages\/51748\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/crowdstrike-global-cyber-outages\/28089\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/crowdstrike-global-cyber-outages\/33886\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/crowdstrike-global-cyber-outages\/33551\
/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/failure\/","name":"failure"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23073","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=23073"}],"version-history":[{"count":1,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23073\/revisions"}],"predecessor-version":[{"id":23074,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23073\/revisions\/23074"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/23075"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=23073"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=23073"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=23073"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}