CrowdStrike Causes Historic IT Outage

Read Time 1 mins | 07 January 2025

On July 19, 2024, a faulty update from CrowdStrike caused widespread crashes of Windows systems, affecting businesses globally. The update led to Blue Screens of Death (BSOD) and system reboots, impacting services like Google Cloud and Microsoft Azure, and ultimately affecting some of Australia's biggest businesses, such as Commonwealth Bank, Telstra and Qantas, to name a few.

Later on July 19, CrowdStrike identified and fixed the issue, advising manual deletion of a specific driver file, which can be done by following these steps:

  1. Boot Windows in Safe Mode or Windows Recovery Environment

  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory

  3. Find the file named "C-00000291*.sys" and delete it

  4. Restart the computer or server normally
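The four steps above as a PowerShell script, added here as an example rather than CrowdStrike's own remediation tooling. It assumes you are already booted into Safe Mode or WinRE; because WinRE may mount the Windows volume under a letter other than C:, it checks every fixed drive for the CrowdStrike driver directory and logs each file before removing it.

```powershell
# Added example, not from the original post or from CrowdStrike.
# Locates and removes the faulty channel file named in the remediation steps.
# Assumption: run from Safe Mode or WinRE; the Windows volume may not be C: in WinRE.
param(
    [switch]$DryRun   # report matches without deleting anything
)

$pattern = 'C-00000291*.sys'   # file name pattern given in the remediation steps
$relativeDir = 'Windows\System32\drivers\CrowdStrike'

# Enumerate drive-letter roots (X: in WinRE is the RAM disk; the OS volume is another letter)
$roots = Get-PSDrive -PSProvider FileSystem |
    Where-Object { $_.Root -match '^[A-Z]:\\$' } |
    Select-Object -ExpandProperty Root

foreach ($root in $roots) {
    $dir = Join-Path $root $relativeDir
    if (-not (Test-Path -LiteralPath $dir)) { continue }

    $matches = Get-ChildItem -LiteralPath $dir -Filter $pattern -File -ErrorAction SilentlyContinue
    if (-not $matches) {
        Write-Host "No file matching $pattern found in $dir"
        continue
    }

    foreach ($file in $matches) {
        # Log name, size and timestamp so the removal is recorded for the incident ticket
        Write-Host ("Found {0} ({1} bytes, written {2:u})" -f $file.FullName, $file.Length, $file.LastWriteTimeUtc)
        if ($DryRun) {
            Write-Host "DryRun: would remove $($file.FullName)"
        } else {
            Remove-Item -LiteralPath $file.FullName -Force
            Write-Host "Removed $($file.FullName)"
        }
    }
}

Write-Host 'Done. Reboot normally (step 4) once the file has been removed.'
```

Run it first with `-DryRun` to confirm only the expected file is matched, then again without the switch to delete it.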

Lessons from the incident

Technology monopolies like CrowdStrike and Windows pose one of the biggest IT challenges to date: if one goes down, all goes down. Diversifying which services we use on a daily basis should become one of the top priorities.

Some might argue that this isn't a cybersecurity challenge, but consider the 3 core elements that cybersecurity aims to protect, also known as the CIA triad:

  • Confidentiality

  • Integrity

  • Availability

The CrowdStrike incident clearly affected Availability.

On top of that, threat actors are currently exploiting the disruption for phishing attacks, spreading malware disguised as CrowdStrike updates.