What is CrowdStrike, the cybersecurity platform whose faulty update crashed Windows systems at airports and banks?

A faulty update from cybersecurity firm CrowdStrike is causing global outages on Windows machines in banks, airlines, telecommunications companies, and other infrastructure.

A widespread failure of Windows PCs in businesses around the world is causing Microsoft a lot of headaches this Friday, July 19. The culprit? CrowdStrike, a cybersecurity firm whose Falcon endpoint protection is deployed alongside Windows in high-profile enterprises such as banks, airlines, and telecommunications companies. A defective CrowdStrike update caused many computers used in critical infrastructure to crash with a blue screen, get stuck in reboot loops, or stop working altogether. This is not a cyber-attack, but a faulty content update for the CrowdStrike Falcon sensor.

CrowdStrike and the problems it has caused for many infrastructures around the world using Windows PCs

At approximately 3:20 AM ET on Friday, July 19, 2024, reports of downed systems began appearing around the world, as can be seen on the Downdetector website. These problems have one thing in common: the affected organizations all run Windows hosts protected by CrowdStrike. The sectors affected are very broad, but three stand out: banking, airlines, and telecommunications.


The problems were first reported in Australia and gradually spread to the rest of the world as business hours began in each region. While the disruption for those affected is severe, there is no indication of malicious activity: the outage was not caused by a cyber-attack, as initially suspected, but by a CrowdStrike update that crashed the machines it was installed on.

CrowdStrike is a cybersecurity company that works closely with Microsoft and provides endpoint protection (the Falcon sensor, which runs as a kernel driver on Windows) for many of the systems used in companies where security is critical, such as telecommunications, banking, and airlines. A faulty update pushed to all of these systems caused them to crash on boot, leaving them stuck in reboot loops, unable to get past the system recovery screen, or unable to boot at all.

The cybersecurity firm has acknowledged the problem and said in a statement that it has reverted the faulty update. Machines that have already crashed do not recover on their own, however, and still require manual intervention.

What can be done to get back to normal operations on affected machines despite the CrowdStrike issue?

In a Reddit thread, many sysadmins around the world report that the way to get affected PCs back up and running is to start Windows in Safe Mode, go to the CrowdStrike driver folder, and delete the specific file delivered by the faulty update. The step-by-step process is as follows:

  1. Start Windows in Safe Mode or in the Windows Recovery Environment (WinRE).
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory (from WinRE the OS volume may be mounted under a different drive letter).
  3. Locate the file matching C-00000291*.sys and delete it. Leave the other files in the folder alone; only this channel file is implicated.
  4. Restart the computer as normal.
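The same procedure as a script, so it can be run consistently across many hosts from a Safe Mode or WinRE PowerShell prompt. This is an added example written for this page, not a tool from CrowdStrike or from the Reddit thread; the only fact taken from the text is the file pattern C-00000291*.sys. The parameter names, the drive-letter handling and the optional BitLocker unlock step are this script's own assumptions.

```powershell
# Added example (not CrowdStrike's or the article's own tooling): remove the faulty
# channel file from a crashed Windows host. Run from Safe Mode, or from a WinRE
# prompt where the OS volume may not be C:.
param(
    [string]$OsDrive = "C:",          # assumed default; override from WinRE if needed
    [string]$RecoveryPassword         # 48-digit BitLocker recovery key, only if the volume is locked
)

$dir = Join-Path $OsDrive "Windows\System32\drivers\CrowdStrike"

# A BitLocker-protected volume is locked in WinRE, so the directory is unreadable
# until it is unlocked. manage-bde ships with Windows and is available in WinRE.
if (-not (Test-Path $dir) -and $RecoveryPassword) {
    & manage-bde -unlock $OsDrive -RecoveryPassword $RecoveryPassword | Out-Null
}
if (-not (Test-Path $dir)) {
    throw "CrowdStrike driver directory not found on $OsDrive (wrong drive letter, or volume still locked)."
}

# Only the 291 channel file is implicated. Do not touch the sensor driver or the
# other C-*.sys channel files in the same folder.
$bad = Get-ChildItem -Path $dir -Filter "C-00000291*.sys" -File
if (-not $bad) {
    Write-Host "No C-00000291*.sys file present in $dir; nothing to do."
    return
}

foreach ($f in $bad) {
    Write-Host ("Removing {0} ({1} bytes, modified {2})" -f $f.FullName, $f.Length, $f.LastWriteTime)
    Remove-Item -LiteralPath $f.FullName -Force
}
Write-Host "Done. Reboot the machine normally."
```

Run it as `.\Remove-Channel291.ps1` from Safe Mode, or as `.\Remove-Channel291.ps1 -OsDrive D: -RecoveryPassword <key>` from WinRE when the OS volume has been assigned another letter and is BitLocker-locked. The script refuses to continue if the directory cannot be found, rather than silently deleting nothing, and it logs the size and timestamp of each file it removes so the action can be reviewed afterwards.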

An additional drawback to this fix is that on corporate machines the system volume is usually encrypted with BitLocker, so from Safe Mode or WinRE the drive is locked and the 48-digit recovery key is needed before the folder can even be reached. That key is normally escrowed centrally (for example in Active Directory, Microsoft Entra ID, or a management tool) and is not known to end users, which limits the operation to corporate IT staff, who in any case are the ones responsible for securing those machines.