Major IT outage affecting banks, airlines, media outlets across the world

Cornelius_Wangenheim , 39 minutes ago

A bunch of shitty sysadmins/cybersec people just learned why you don’t blindly deploy new updates to production without testing them first.

I’ve used crowd strike before. It has support for deploying version N to a pilot group, N-1 to the test environment and N-2 to production.

victorz , 7 hours ago

If these affected systems are boot looping, how will they be fixed? Reinstall?

bevan , 7 hours ago

It is possible to edit a folder name in windows drivers. But for IT departments that could be more work than a reimage

Passerby6497 , 1 hour ago (edited 1 hour ago)

Having had to fix >100 machines today, I’m not sure how a reimage would be less work. Restoring from backups maybe, but reimage and reconfig is so painful

EncryptKeeper , 1 hour ago

It’s just one file to delete.

Sylence , 7 hours ago

There is a fix people have found which requires manual booting into safe mode and removal of a file causing the BSODs. No clue if/how they are going to implement a fix remotely when the affected machines can’t even boot.

letsgo , 5 hours ago

Probably have to go old-skool and actually be at the machine.

Freefall , 2 hours ago

Exactly, and super fun when all your systems are remote!!!

Passerby6497 , 1 hour ago

It’s not super awful as long as everything is virtual. It’s annoying, but not painful like it would be for physical systems.

Really don’t envy physical/desk side support folks today…

VieuxQueb , 2 hours ago

And hope you are not using BitLocker cause then you are screwed since BitLocker is tied to CS.

EncryptKeeper , 1 hour ago

You just need console access. Which if any of the affected servers are VMs, you’ll have.

CanadaPlus , 31 minutes ago

Yes, VMs will be more manageable.

ChefKalash , 3 hours ago

Do you have any source on this?

Sylence , 3 hours ago

If you have an account you can view the support thread here: …crowdstrike.com/…/Tech-Alert-Windows-crashes-rel…

Workaround Steps:

1. Boot Windows into Safe Mode or the Windows Recovery Environment
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
3. Locate the file matching “C-00000291*.sys”, and delete it.
4. Boot the host normally.

Passerby6497 , 1 hour ago

I can confirm it works after applying it to >100 servers :/

victorz , 1 hour ago

Nice work, friend. 🤝 [back pat]

CanadaPlus , 29 minutes ago

It seems like it’s in like half of the news stories.

AnUnusualRelic , 2 hours ago

An offline server is a secure server!

CanadaPlus , 35 minutes ago

Honestly my philosophy these days, when it comes to anything proprietary. They just can’t keep their grubby little fingers off of working software.

At least this time it was an accident.

solomon42069 , 5 hours ago

Why is no one blaming Microsoft? It’s their non resilient OS that crashed.

blackn1ght , 4 hours ago

Probably because it’s a Crowdstrike issue, they’ve pushed a bad update.

solomon42069 , 4 hours ago

OK, but people aren’t running Crowdstrike OS. They’re running Microsoft Windows.

I think that some responsibility should lie with Microsoft - to create an OS that

1. Recovers gracefully from third party code that bugs out
2. Doesn’t allow third party software updates to break boot

I get that there can be unforeseeable bugs, I’m a programmer of over two decades myself. But there are also steps you can take to strengthen your code, and as a Windows user it feels more like their resources are focused on random new shit no one wants instead of on the core stability and reliability of the system.

It seems to be like third party updates have a lot of control/influence over the OS and that’s all well and good, but the equivalent of a “Try and Catch” is what they needed here and yet nothing seems to be in place. The OS just boot loops.

EnderMB , 4 hours ago

It’s not just Windows, it’s affecting services that people that primarily use other OS’s rely on, like Outlook or Federated login.

In these situations, blame isn’t a thing, because everyone knows that a LSE can happen to anyone at any time. The second you start to throw stones, people will throw them back when something inevitably goes wrong.

While I do fundamentally agree with you, and believe that the correct outcome should be “how do we improve things so that this never happens again”, it’s hard to attach blame to Microsoft when they’re the ones that have to triage and ensure that communication is met.

solomon42069 , 3 hours ago

I reckon it’s hard to attach blame to Microsoft because of the culture of corporate governance and how decisions are made (without experts).

Tech has become a bunch of walled gardens with absolute secrecy over minor nothings. After 1-2 decades of that, we have a generation of professionals who have no idea how anything works and need to sign up for $5 a month phone app / cloud services just to do basic stuff they could normally do on their own on a PC - they just don’t know how or how to put the pieces together due to inexperience / lack of exposure.

Whether it’s corporate or government leadership, the lack of understanding of basics in tech is now a liability. It’s allowed corporations like Microsoft to set their own quality standards without any outside regulation while they are entrusted with vital infrastructure and to provide technical advisory, even though they have a clear vested interest there.

lanolinoil , 3 hours ago

banks wouldn’t use something that black box. just trust me bro wouldn’t be a good pitch

catloaf , 46 minutes ago

If you trust banks that much, I have very bad news for you.

barsquid , 3 hours ago

AFAICT Microsoft is busy placing ads on everything and screen logging user activity instead of making a resilient foundation.

For contrast: I’ve been running Fedora Atomic. I’m sure it is possible to add some kernel mod that completely breaks the system. But if there was a crash on boot, in most situations, I’d be able to roll back to the last working version of everything.

veam , 3 hours ago

oh joy. can’t wait to have to fix this for all of our clients today…

iturnedintoanewt , 3 hours ago

You have no idea how much fun its being.

Passerby6497 , 2 hours ago

I’m so tired of all the fun…

stochastic_parrot , 55 minutes ago

“Today”, right. I wish you a good weekend stranger.

kadotux , 7 hours ago (edited 7 hours ago)

Here’s the fix: (or rather workaround, released by CrowdStrike) 1)Boot to safe mode/recovery 2)Go to C:\Windows\System32\drivers\CrowdStrike 3)Delete the file matching “C-00000291*.sys” 4)Boot the system normally

StV2 , 6 hours ago

It’s disappointing that the fix is so easy to perform and yet it’ll almost certainly keep a lot of infrastructure down for hours because a majority of people seem too scared to try to fix anything on their own machine (or aren’t trusted to so they can’t even if they know how)

r00ty Admin , 6 hours ago

It might not even be that. A lot of places have many servers (and even more virtual servers) running crowdstrike. Some places also seem to have it on endpoints too.

That's a lot of machines to manually fix.

HaleHirsute , 6 hours ago

They also gotta get the fix through a trusted channel and not randomly on the internet. (No offense to the person that gave the info, it’s maybe correct but you never know)

kadotux , 6 hours ago

Yeah, and it’s unknown if CS is active after the workaround or not (source: hackernews commentator)

letsgo , 6 hours ago

True, but knowing what the fix might be means you can Google it and see what comes back. It was on StackOverflow for example, but at the time of this comment has been taken offline for moderation - whatever that means.

huginn , 2 hours ago

Yeah and a lot of corpo VPNs are gonna be down from this too.

NaibofTabr , 6 hours ago

This sort of fix might not be accessible to a lot of employees who don’t have admin access on their company laptops, and if the laptop can’t be accessed remotely by IT then the options are very limited. Trying to walk a lot of nontechnical users through this over the phone won’t go very well.

AccountMaker , 4 hours ago

Yup, that’s me. We booted into safe mode, tried navigating into the CrowdStrike folder and boom: permission denied.

Cryophilia , 51 minutes ago

Half our shit can’t even boot into safe mode because it’s encrypted and we don’t have the keys rofl

Munkisquisher , 6 hours ago

And people need to travel to remote machines to do this in person

thehatfox , 3 hours ago

Might seem easy to someone with a technical background. But the last thing businesses want to be doing is telling average end users to boot into safe mode and start deleting system files.

If that started happening en masse we would quickly end up with far more problems than we started with. Plenty of users would end up deleting system32 entirely or something else equally damaging.

Ookami38 , 1 hour ago

I do IT for some stores. My team lead briefly suggested having store managers try to do this fix. I HARD vetoed that. That’s only going to do more damage.

CaptainBasculin , 6 hours ago

A driver failure, yeesh. It always sucks to deal with it.

cheeseburger , 5 hours ago

I’m on a bridge still while we wait for Bitlocker recovery keys, so we can actually boot into safemode, but the Bitkocker key server is down as well…

gnutrino , 5 hours ago

Gonna be a nice test of proper backups and disaster recovery protocols for some organisations

huginn , 2 hours ago

Chaos Monkey test

WagnasT , 3 hours ago

Man, it sure would suck if you could still get to safe mode from pressing f8. Can you imagine how terrible that’d be?

a_postmodern_hat , 2 hours ago

You hold down Shift while restarting or booting and you get a recovery menu. I don’t know why they changed this behaviour.

Ookami38 , 1 hour ago

That was the dumbest thing to learn this morning.

umami_wasbi , 4 hours ago

No one bother to test before deploying to all machines? Nice move.

pufferfisherpowder , 2 hours ago

YOLO 🚀🙈

huginn , 2 hours ago

This outage is probably costing a significant portion of Crowd strike’s market cap. They’re an 80 billion dollar company but this is a multibillion outage.

Someone’s getting fired for this. Massive process failures like this means that it should be some high level managers or the CTO going out.

TheBat , 1 hour ago

Puts on Crowdstrike?

recapitated , 1 hour ago

Clownstrike

lando55 , 1 hour ago

Crowdshite haha gotem

kamenoko , 1 hour ago

AWS No!!!

Oh wait it’s not them for once.

autotldr Bot , 8 hours ago

This is the best summary I could come up with:

---

There are reports of IT outages affecting major institutions in Australia and internationally.

The ABC is experiencing a major network outage, along with several other media outlets.

Crowd-sourced website Downdetector is listing outages for Foxtel, National Australia Bank and Bendigo Bank.

Follow our live blog as we bring you the latest updates.

---

The original article contains 52 words, the summary contains 52 words. Saved 0%. I’m a bot and I’m open source!

dorythefish , 1 hour ago

The original article contains 52 words, the summary contains 52 words. Saved 0%. Good bot!

sasquash , 5 hours ago

never do updates on a Friday.

rozodru , 3 hours ago

yeah someone fucked up here. I mean I know you’re joking but I’ve been in tech for like 20+ years at this point and it was always, always, ALWAYS, drilled into me to never do updates on Friday, never roll anything out to production on Friday. Fridays were generally meant for code reviews, refactoring in test, work on personal projects, raid the company fridge for beer, play CS at the office, whatever just don’t push anything live or update anything.

And especially now the work week has slimmed down where no one works on Friday anymore so you 100% don’t roll anything out, hell it’s getting to the point now where you just don’t roll anything out on a Thursday afternoon.

0x0 , 3 hours ago

And especially now the work week has slimmed down where no one works on Friday anymore

Excuse me, what now? I didn’t get that memo.

meanmon13 , 2 hours ago

Yeah it’s great :-) 4 10hr shifts and every weekend is a 3 day weekend

rozodru , 2 hours ago

sorry :( yeah I, at most, do 3 days in the office now. Fridays are a day off and Mondays mostly everyone just works from home if at all. downtown Toronto on Mondays and Fridays is pretty much dead.

Blackmist , 2 hours ago

Yep, anything done on Friday can enter the world on a Monday.

I don’t really have any plans most weekends, but I sure as shit don’t plan on spending it fixing Friday’s fuckups.

spyd3r , 3 hours ago

Never update unless something is broken.

Toribor , 3 hours ago

This is fine as long as you politely ask everyone on the Internet to slow down and stop exploiting new vulnerabilities.

Ookami38 , 3 hours ago

I think vulnerabilities found count as “something broken” and chap you replied to simply did not think that far ahead hahah

huginn , 2 hours ago

For real - A cyber security company should basically always be pushing out updates.

iknowitwheniseeit , 3 hours ago

BTW, I use Arch.

Nachorella , 2 hours ago

If it was Arch you’d update once every 15 minutes whether anything’s broken or not.

Passerby6497 , 2 hours ago

That’s advice so smart you’re guaranteed to have massive security holes.

iAvicenna , 2 hours ago

https://lemmy.world/pictrs/image/2b3581a1-27d9-473e-b9b9-864dc2c41ba1.jpeg

Nachorella , 2 hours ago

My company used to use something else but after getting hacked switched to crowdstrike and now this. Hilarious clownery going on. Fingers crossed I’ll be working from home for a few days before anything is fixed.

robocall , 4 hours ago

Buy the dip!

jecht360 , 2 hours ago

More like short them. This is going to be devastating for their business. I could see them losing tons of customers.

ari_verse , 3 hours ago

A few years ago when my org got the ask to deploy the CS agent in linux production servers and I also saw it getting deployed in thousands of windows and mac desktops all across, the first thought that came to mind was “massive single point of failure and security threat”, as we were putting all the trust in a single relatively small company that will (has?) become the favorite target of all the bad actors across the planet. How long before it gets into trouble, either because if it’s own doing or due to others?

I guess that we now know

SupraMario , 3 hours ago

No bad actors did this, and security goes in fads. Crowdstrike is king right now, just as McAfee/Trellix was in the past. If you want to run around without edr/xdr software be my guest.

ansiz , 2 hours ago

All of the security vendors do it over enough time. McAfee used to be the king of them.

zdnet.com/…/defective-mcafee-update-causes-worldw…

bleepingcomputer.com/…/trend-micro-antivirus-modi…

techradar.com/…/microsoft-releases-fix-for-botche…