Major IT outage affecting banks, airlines, media outlets across the world

jedibob5 , 8 hours ago

Reading into the updates some more… I’m starting to think this might just destroy CloudStrike as a company altogether. Between the mountain of lawsuits almost certainly incoming and the total destruction of any public trust in the company, I don’t see how they survive this. Just absolutely catastrophic on all fronts.

NaibofTabr , 8 hours ago

If all the computers stuck in boot loop can’t be recovered… yeah, that’s a lot of cost for a lot of businesses. Add to that all the immediate impact of missed flights and who knows what happening at the hospitals. Nightmare scenario if you’re responsible for it.

This sort of thing is exactly why you push updates to groups in stages, not to everything all at once.

rxxrc OP , 8 hours ago

Looks like the laptops are able to be recovered with a bit of finagling, so fortunately they haven’t bricked everything.

And yeah staged updates or even just… some testing? Not sure how this one slipped through.

dactylotheca , 7 hours ago

Not sure how this one slipped through.

I’d bet my ass this was caused by terrible practices brought on by suits demanding more “efficient” releases.

“Why do we do so much testing before releases? Have we ever had any problems before? We’re wasting so much time that I might not even be able to buy another yacht this year”

GoofSchmoofer , 6 hours ago

At least nothing like this happens in the airline industry

dactylotheca , 6 hours ago

Certainly not! Or other industries for that matter. It’s a good thing executives everywhere aren’t just concentrating on squeezing the maximum amount of money out of their companies and funneling it to themselves and their buddies on the board.

Sure, let’s “rightsize” the company by firing 20% of our workforce (but not management!) and raise prices 30%, and demand that the remaining employees maintain productivity at the level it used to be before we fucked things up. Oh and no raises for the plebs, we can’t afford it. Maybe a pizza party? One slice per employee though.

Munkisquisher , 8 hours ago

Yeah saw that several steel mills have been bricked by this, that’s months and millions to restart

gazter , 5 hours ago

Got a link? I find it hard to believe that a process like that would stop because of a few windows machines not booting.

TheBat , 5 hours ago

a few windows machines with controller application installed

That’s the real kicker.

drspod , 2 hours ago

Those machines should be airgapped and no need to run Crowdstrike on them. If the process controller machines of a steel mill are connected to the internet and installing auto updates then there really is no hope for this world.

TheBat , 2 hours ago

But daddy microshoft says i gotta connect the system to the internet uwu

IsThisAnAI , 7 hours ago

What lawsuits do you think are going to happen?

Nachorella , 4 hours ago

They can have all the clauses they like but pulling something like this off requires a certain amount of gross negligence that they can almost certainly be held liable for.

IsThisAnAI , 35 minutes ago

Whatever you say my man. It’s not like they go through very specific SLA conversations and negotiations to cover this or anything like that.

Cryophilia , 2 hours ago

Forget lawsuits, they’re going to be in front of congress for this one

IsThisAnAI , 2 hours ago

For what? At best it would be a hearing on the challenges of national security with industry.

RegalPotoo , 7 hours ago

Agreed, this will probably kill them over the next few years unless they can really magic up something.

They probably don’t get sued - their contracts will have indemnity clauses against exactly this kind of thing, so unless they seriously misrepresented what their product does, this probably isn’t a contract breach.

If you are running crowdstrike, it’s probably because you have some regulatory obligations and an auditor to appease - you aren’t going to be able to just turn it off overnight, but I’m sure there are going to be some pretty awkward meetings when it comes to contract renewals in the next year, and I can’t imagine them seeing much growth

Skydancer , 5 hours ago

Nah. This has happened with every major corporate antivirus product. Multiple times. And the top IT people advising on purchasing decisions know this.

SupraMario , 5 hours ago

Yep. This is just uninformed people thinking this doesn’t happen. It’s been happening since av was born. It’s not new and this will not kill CS they’re still king.

jedibob5 , 1 hour ago

Don’t most indemnity clauses have exceptions for gross negligence? Pushing out an update this destructive without it getting caught by any quality control checks sure seems grossly negligent.

Wooki , 7 hours ago

Testing is production will do that

TheBat , 3 hours ago

Not everyone is fortunate enough to have a seperate testing environment, you know? Manglement has to cut cost somewhere.

Blisterexe , 2 hours ago

Manglement is the good term lmao

ThrowawaySobriquet , 7 hours ago

I think you’re on the nose, here. I laughed at the headline, but the more I read the more I see how fucked they are. Airlines. Industrial plants. Fucking governments. This one is big in a way that will likely get used as a case study.

Cryophilia , 2 hours ago

The London Stock Exchange went down. They’re fukd.

rozodru , 5 hours ago

It’s just amatuer hour across the board. Were they testing in production? no code review or even a peer review? they roll out for a Friday? It’s like basic level start up company “here’s what not to do” type shit that a junior dev fresh out of university would know. It’s like “explain to the project manager with crayons why you shouldn’t do this” type of shit.

It just boggles my mind that if you’re rolling out an update to production that there was clearly no testing. There was no review of code cause experts are saying it was the result of poorly written code.

Regardless if you’re low level security then apparently you can just boot into safe and rename the crowdstrike folder and that should fix it. higher level not so much cause you’re likely on bitlocker which…yeah don’t get me started no that bullshit.

regardless I called out of work today. no point. it’s friday, generally nothing gets done on fridays (cause we know better) and especially today nothing is going to get done.

Revan343 , 2 hours ago

explain to the project manager with crayons why you shouldn’t do this

Can’t; the project manager ate all the crayons

candybrie , 2 hours ago

Why is it bad to do on a Friday? Based on your last paragraph, I would have thought Friday is probably the best week day to do it.

Lightor , 2 hours ago

Most companies, money included, try to roll out updates during the middle of start of a week. That way if there are issues the full team is available to address them.

Bell , 2 hours ago

Don’t we blame MS at least as much? How does MS let an update like this push through their Windows Update system? How does an application update make the whole OS unable to boot? Blue screens on Windows have been around for decades, why don’t we have a better recovery system?

sandalbucket , 53 minutes ago

Crowdstrike runs at ring 0, effectively as part of the kernel. Like a device driver. There are no safeguards at that level. Extreme testing and diligence is required, because these are the consequences for getting it wrong. This is entirely on crowdstrike.

bdonvr , 6 hours ago

The amount of servers running Windows out there is depressing to me

franklin , 5 hours ago

The four multinational corporations I worked at were almost entirely Windows servers with the exception of vendor specific stuff running Linux. Companies REALLY want that support clause in their infrastructure agreement.

Avatar_of_Self , 42 minutes ago

I’ve worked as an IT architect at various companies in my career and you can definitely get support contracts for engineering support of RHEL, Ubuntu, SUSE, etc. That isn’t the issue. The issue is that there are a lot of system administrators with “15 years experience in Linux” that have no real experience in Linux. They have experience googling for guides and tutorials while having cobbled together documents of doing various things without understanding what they are really doing.

I can’t tell you how many times I’ve seen an enterprise patch their Linux solutions (if they patched them at all with some ridiculous rubberstamped PO&AM) manually without deploying a repo and updating the repo treating it as you would a WSUS. Hell, I’m pleasantly surprised if I see them joined to a Windows domain (a few times) or an LDAP (once but they didn’t have a trust with the Domain Forest or use sudoer rules…sigh).

Blackmist , 4 hours ago

I’ve had my PC shut down for updates three times now, while using it as a Jellyfin server from another room. And I’ve only been using it for this purpose for six months or so.

I can’t imagine running anything critical on it.

ccdfa , 4 hours ago

Windows server, the OS, runs differently from desktop windows. So if you’re using desktop windows and expecting it to run like a server, well, that’s on you. However, I ran windows server 2016 and then 2019 for quite a few years just doing general homelab stuff and it is really a pain compared to Linux which I switched to on my server about a year ago. Server stuff is just way easier on Linux in my experience.

conciselyverbose , 3 hours ago

It doesn’t have to, though. Linux manages to do both just fine, with relatively minor compromises.

Expecting an OS to handle keeping software running is not a big ask.

sugar_in_your_tea , 1 hour ago

Yup, I use Linux to run a Jellyfin server, as well as a few others things. The only problem is that the CPU I’m using (Ryzen 1st gen) will crash every couple weeks or so (known hardware fault, I never bothered to RMA), but that’s honestly not that bad since I can just walk over and restart it. Before that, it ran happily on an old Phenom II from 2009 for something like 10 years (old PC), and I mostly replaced it because the Ryzen uses a bit less electricity (enough that I used to turn the old PC off at night; this one runs 24/7 as is way more convenient).

So aside from this hardware issue, Linux has been extremely solid. I have a VPS that tunnels traffic into my Jellyfin and other services from outside, and it pretty much never goes down (I guess the host reboots it once a year or something for hardware maintenance). I run updates when I want to (when I remember, which is about monthly), and it only goes down for like 30 sec to reboot after updates are applied.

So yeah, Linux FTW, once it’s set up, it just runs.

0xD , 2 hours ago

Well with your level of expertise you should probably not be running anything, to be honest :)

ji17br , 2 hours ago

Wow dude you’re so cool. I bet that made you feel so superior. Everyone on here thinks you are so badass.

Rinox , 3 hours ago

I dunno, but doesn’t like a quarter of the internet kinda run on Azure?

atocci , 2 hours ago

And 60% of Azure is running Linux lol

Rinox , 2 hours ago

I guess Spotify was running on the other 40%, as many other services

pewgar_seemsimandroid , 2 hours ago

so 40% of azure crashes a quarter of the internet…

unconfirmedsourcesDOTgov , 1 hour ago

Where did you think Microsoft was getting all (hyperbole) of their money from?

sasquash , 7 hours ago

never do updates on a Friday.

rozodru , 5 hours ago

yeah someone fucked up here. I mean I know you’re joking but I’ve been in tech for like 20+ years at this point and it was always, always, ALWAYS, drilled into me to never do updates on Friday, never roll anything out to production on Friday. Fridays were generally meant for code reviews, refactoring in test, work on personal projects, raid the company fridge for beer, play CS at the office, whatever just don’t push anything live or update anything.

And especially now the work week has slimmed down where no one works on Friday anymore so you 100% don’t roll anything out, hell it’s getting to the point now where you just don’t roll anything out on a Thursday afternoon.

0x0 , 4 hours ago

And especially now the work week has slimmed down where no one works on Friday anymore

Excuse me, what now? I didn’t get that memo.

meanmon13 , 4 hours ago

Yeah it’s great :-) 4 10hr shifts and every weekend is a 3 day weekend

rozodru , 4 hours ago

sorry :( yeah I, at most, do 3 days in the office now. Fridays are a day off and Mondays mostly everyone just works from home if at all. downtown Toronto on Mondays and Fridays is pretty much dead.

Blackmist , 4 hours ago

Yep, anything done on Friday can enter the world on a Monday.

I don’t really have any plans most weekends, but I sure as shit don’t plan on spending it fixing Friday’s fuckups.

sugar_in_your_tea , 1 hour ago

And honestly, anything that can be done Monday is probably better done on Tuesday. Why start off your week by screwing stuff up?

We have a team policy to never do externally facing updates on Fridays, and we generally avoid Mondays as well unless it’s urgent. Here’s roughly what each day is for:

• Monday - urgent patches that were ready on Friday; everyone WFH
• Tuesday - most releases; work in-office
• Wed - fixing stuff we broke on Tuesday/planning the next release; work in-office
• Thu - fixing stuff we broke on Tuesday, closing things out for the week; WFH
• Fri - documentation, reviews, etc; WFH

If things go sideways, we come in on Thu to straighten it out, but that almost never happens.

spyd3r , 5 hours ago

Never update unless something is broken.

Toribor , 5 hours ago

This is fine as long as you politely ask everyone on the Internet to slow down and stop exploiting new vulnerabilities.

Ookami38 , 5 hours ago

I think vulnerabilities found count as “something broken” and chap you replied to simply did not think that far ahead hahah

huginn , 4 hours ago

For real - A cyber security company should basically always be pushing out updates.

sugar_in_your_tea , 1 hour ago

Exactly. You don’t know what the vulnerabilities are, but the vendors pushing out updates typically do. So stay on top of updates to limit the attack surface.

Major releases can wait, security updates should be pushed as soon as they can be proven to not break prod.

iknowitwheniseeit , 5 hours ago

BTW, I use Arch.

Nachorella , 4 hours ago

If it was Arch you’d update once every 15 minutes whether anything’s broken or not.

sugar_in_your_tea , 1 hour ago

I use Tumbleweed, so I only get updates once/day, twice if something explodes. I used to use Arch, so my update cycle has lengthened from 1-2x/day to 1-2x/week, which is so much better.

Passerby6497 , 4 hours ago

That’s advice so smart you’re guaranteed to have massive security holes.

kadotux , 9 hours ago (edited 8 hours ago)

Here’s the fix: (or rather workaround, released by CrowdStrike) 1)Boot to safe mode/recovery 2)Go to C:\Windows\System32\drivers\CrowdStrike 3)Delete the file matching “C-00000291*.sys” 4)Boot the system normally

StV2 , 8 hours ago

It’s disappointing that the fix is so easy to perform and yet it’ll almost certainly keep a lot of infrastructure down for hours because a majority of people seem too scared to try to fix anything on their own machine (or aren’t trusted to so they can’t even if they know how)

r00ty Admin , 8 hours ago

It might not even be that. A lot of places have many servers (and even more virtual servers) running crowdstrike. Some places also seem to have it on endpoints too.

That's a lot of machines to manually fix.

HaleHirsute , 8 hours ago

They also gotta get the fix through a trusted channel and not randomly on the internet. (No offense to the person that gave the info, it’s maybe correct but you never know)

kadotux , 8 hours ago

Yeah, and it’s unknown if CS is active after the workaround or not (source: hackernews commentator)

letsgo , 7 hours ago

True, but knowing what the fix might be means you can Google it and see what comes back. It was on StackOverflow for example, but at the time of this comment has been taken offline for moderation - whatever that means.

huginn , 4 hours ago

Yeah and a lot of corpo VPNs are gonna be down from this too.

ColeSloth , 1 hour ago

Meh. Even if it bricked crowdstrike instead of helping, you can just restore the file you deleted. A file in that folder can’t brick a windows system.

NaibofTabr , 8 hours ago

This sort of fix might not be accessible to a lot of employees who don’t have admin access on their company laptops, and if the laptop can’t be accessed remotely by IT then the options are very limited. Trying to walk a lot of nontechnical users through this over the phone won’t go very well.

AccountMaker , 6 hours ago

Yup, that’s me. We booted into safe mode, tried navigating into the CrowdStrike folder and boom: permission denied.

Cryophilia , 2 hours ago

Half our shit can’t even boot into safe mode because it’s encrypted and we don’t have the keys rofl

Munkisquisher , 8 hours ago

And people need to travel to remote machines to do this in person

thehatfox , 5 hours ago

Might seem easy to someone with a technical background. But the last thing businesses want to be doing is telling average end users to boot into safe mode and start deleting system files.

If that started happening en masse we would quickly end up with far more problems than we started with. Plenty of users would end up deleting system32 entirely or something else equally damaging.

Ookami38 , 3 hours ago

I do IT for some stores. My team lead briefly suggested having store managers try to do this fix. I HARD vetoed that. That’s only going to do more damage.

nyarla , 1 hour ago

Yes but the recovery menu may have been configured to ask for administrative credentials, to prevent unwanted access to the computer, and then fixing the problem would take way longer.

CaptainBasculin , 8 hours ago

A driver failure, yeesh. It always sucks to deal with it.

cheeseburger , 7 hours ago

I’m on a bridge still while we wait for Bitlocker recovery keys, so we can actually boot into safemode, but the Bitkocker key server is down as well…

gnutrino , 7 hours ago

Gonna be a nice test of proper backups and disaster recovery protocols for some organisations

huginn , 4 hours ago

Chaos Monkey test

WagnasT , 5 hours ago

Man, it sure would suck if you could still get to safe mode from pressing f8. Can you imagine how terrible that’d be?

a_postmodern_hat , 4 hours ago

You hold down Shift while restarting or booting and you get a recovery menu. I don’t know why they changed this behaviour.

Ookami38 , 3 hours ago

That was the dumbest thing to learn this morning.

resin85 , 3 minutes ago

Not that easy when it’s a fleet of servers in multiple remote data centers. Lots of IT folks will be spending their weekend sitting in data center cages.

richtellyard , 9 hours ago

This is going to be a Big Deal for a whole lot of people. I don’t know all the companies and industries that use Crowdstrike but I might guess it will result in airline delays, banking outages, and hospital computer systems failing. Hopefully nobody gets hurt because of it.

RegalPotoo , 9 hours ago

Big chunk of New Zealands banks apparently run it, cos 3 of the big ones can’t do credit card transactions right now

oderus , 8 hours ago

It was mayhem at PakNSave a bit ago.

emmanuel_car , 8 hours ago

In my experience it’s always mayhem at PakNSave.

deadbeef79000 , 4 hours ago

If anything, it’s probably calmed P’n’S down a bit…

index , 5 hours ago

cos 3 of the big ones can’t do credit card transactions right now

Bitcoin still up and running perhaps people can use that

I_Miss_Daniel , 2 hours ago

Bitcoin Cash maybe. Didn’t they bork Bitcoin (Core) so you have to wait for confirmations in the next block?

whotookkarl , 53 minutes ago

Several 911 systems were affected or completely down too

Damage , 7 hours ago

The thought of a local computer being unable to boot because some remote server somewhere is unavailable makes me laugh and sad at the same time.

Munkisquisher , 6 hours ago

A remote server that you pay some serious money to that pushes a garbage driver that prevents yours from booting

lanolinoil , 5 hours ago

yeah so you can’t get Chinese government spyware installed.

Passerby6497 , 4 hours ago

Not only does it (possibly) prevent booting, but it will also bsod it first so you’ll have to see how lucky you get.

Goddamn I hate crowdstrike. Between this and them fucking up and letting malware back into a system, I have nothing nice to say about them.

Cryophilia , 2 hours ago (edited 2 hours ago)

It’s bsod on boot

And anything encrypted with bitlocker can’t even go into safe mode to fix it

Passerby6497 , 54 minutes ago

It doesn’t consistently bsod on boot, about half of affected machines did in our environment, but all of them did experience a bsod while running. A good amount of ours just took the bad update, bsod’d and came back up.

rxxrc OP , 6 hours ago

I don’t think that’s what’s happening here. As far as I know it’s an issue with a driver installed on the computers, not with anything trying to reach out to an external server. If that were the case you’d expect it to fail to boot any time you don’t have an Internet connection.

Windows is bad but it’s not that bad yet.

__init__ , 2 hours ago

It’s just a fun coincidence that the azure outage was around the same time.

NaibofTabr , 8 hours ago

Wow, I didn’t realize CrowdStrike was widespread enough to be a single point of failure for so much infrastructure. Lot of airports and hospitals offline.

The Federal Aviation Administration (FAA) imposed the global ground stop for airlines including United, Delta, American, and Frontier.

Flights grounded in the US.

The System is Down

EncryptKeeper , 3 hours ago

Yeah my plans of going to sleep last night were thoroughly dashed as every single windows server across every datacenter I manage between two countries all cried out at the same time lmao

TheBat , 3 hours ago

How many coffee cups have you drank in the last 12 hours?

Cryophilia , 2 hours ago

I work in a data center

I lost count

TheBat , 2 hours ago

What was Dracula doing in your data centre?

KingThrillgore , 2 hours ago

Because he’s Dracula. He’s twelve million years old.

THE WORMS

jj4211 , 2 minutes ago

I work in a datacenter, but no Windows. I slept so well.

Though a couple years back some ransomware that also impacted Linux ran through, but I got to sleep well because it only bit people with easily guessed root passwords. It bit a lot of other departments at the company though.

This time even the Windows folks were spared, because CrowdStrike wasn’t the solution they infested themselves with (they use other providers, who I fully expect to screw up the same way one day).

szczuroarturo , 2 hours ago

I always wondered who even used windows server given how marginal its marketshare is. Now i know from the news.

rottingleaf , 1 hour ago

Well, I’ve seen some, but they usually don’t have automatic updates and generally do not have access to the Internet.

Mjpasta710 , 1 hour ago

This is a crowdstrike issue specifically related to the falcon sensor. Happens to affect only windows hosts.

Eril , 1 hour ago

My current company does and I hate it so much. Who even got that idea in the first place? Linux always dominated server-side stuff, no?

Pringles , 1 hour ago

Marginal? You must be joking. A vast amount of servers run on Windows Server. Where I work alone we have several hundred and many companies have a similar setup. Statista put the Windows Server OS market share over 70% in 2019. While I find it hard to believe it would be that high, it does clearly indicate it’s most certainly not a marginal percentage.

jj4211 , 4 minutes ago

I’m not getting an account on Statista, and I agree that its marketshare isn’t “marginal” in practice, but something is up with those figures, since overwhelmingly internet hosted services are on top of Linux. Internal servers may be a bit different, but “servers” I’d expect to count internet servers…

Delta_V , 1 hour ago

Not too long ago, a lot of Customer Relationship Management (CRM) software ran on MS SQL Server. Businesses made significant investments in software and training, and some of them don’t have the technical, financial, or logistical resources to adapt - momentum keeps them using Windows Server.

For example, small businesses that are physically located in rural areas can’t use cloud based services because rural internet is too slow and unreliable. Its not quite the case that there’s no amount of money you can pay for a good internet connection in rural America, but last time I looked into it, Verizon wanted to charge me $20,000 per mile to run a fiber optic cable from the nearest town to my client’s farm.

Semi_Hemi_Demigod , 2 hours ago

Did you feel a great disturbance in the force?

rottingleaf , 1 hour ago

How’s it going, Obi-Wan?

jayandp , 1 hour ago

https://sh.itjust.works/pictrs/image/1b860497-8e1f-472a-a124-a2c2b12e9c1f.gif

iAvicenna , 4 hours ago

https://lemmy.world/pictrs/image/2b3581a1-27d9-473e-b9b9-864dc2c41ba1.jpeg

Sylence , 9 hours ago

Yep, stuck at the airport currently. All flights grounded. All major grocery store chains and banks also impacted. Bad day to be a crowdstrike employee!

iknowitwheniseeit , 4 hours ago

My flight was canceled. Luckily that was a partner airline. My actual airline rebooked me on a direct flight. Leaves 3 hours later and arrives earlier. Lower carbon footprint. So, except that I’m standing in queue so someone can inspect my documents it’s basically a win for me. 😆

AnUnusualRelic , 4 hours ago

An offline server is a secure server!

CanadaPlus , 2 hours ago

Honestly my philosophy these days, when it comes to anything proprietary. They just can’t keep their grubby little fingers off of working software.

At least this time it was an accident.

invisiblegorilla , 2 hours ago

Ironic. They did what they are there to protect against. Fucking up everyone’s shit

Telorand , 2 hours ago

Maybe centralizing everything onto one company’s shoulders wasn’t such a great idea after all…

Excrubulent , 1 hour ago

Wait, monopolies are bad? This is the first I’ve ever heard of this concept. So much so that I actually coined the term “monopoly” just now to describe it.

joostjakob , 1 hour ago

Someone should invent a game, that while playing demonstrates how much monopolies suck for everyone involved (except the monopolist)

KingJalopy , 14 minutes ago

And make it so you lose friends and family over the course of the 4+ hour game. Also make a thimble to fight over, that would be dope.

Telorand , 40 minutes ago

I mean, I’m sure those companies that have them don’t think so—when they aren’t the cause of muti-industry collapses.

jaybone , 11 minutes ago

Yes, it’s almost as if there should be laws to prevent that sort of thing. Hmm

jaybone , 12 minutes ago

The too big to fail philosophy at its finest.

StaySquared , 1 hour ago

CrowdStrike has a new meaning… literally Crowd Strike.

nintendiator , 18 minutes ago

Since when has any antivirus ever had the intent of actually protecting against viruses? The entire antivirus market is a scam.

recapitated , 3 hours ago

Clownstrike

lando55 , 3 hours ago

Crowdshite haha gotem

WhatAmLemmy , 1 minute ago

CrowdCollapse

misk , 9 hours ago

My work PC is affected. Nice!

wreckedcarzz , 9 hours ago

Plot twist: you’re head of IT

R00bot , 8 hours ago

Same! Got to log off early 😎

Munkisquisher , 8 hours ago

Dammit, hit us at 5pm on Friday in NZ

BigRedUndead , 7 hours ago

4:00PM here in Aus. Absolutely perfect for an early Friday knockoff.

Magnolia_ , 1 hour ago

Noice!

ililiililiililiilili , 8 hours ago

My dad needed a CT scan this evening and the local ER’s system for reading the images was down. So they sent him via ambulance to a different hospital 40 miles away. Now I’m reading tonight that CrowdStrike may be to blame.