← Back to Library

Crowdstrike Update Causes Blue Screen of Death

By Daniel Kelley · The Cyber Why · · 4 min read

The below is a post written by The Cyber Why author and first posted on the Ox Security blog.

Happy almost weekend, everybody… or not, if you’re in IT… trying to travel… or get medical attention... or just get your work done and start the weekend off with a bang.

Many of us have woken up to the news of a massive global outage caused by a Crowdstrike Falcon endpoint sensor update for Windows hosts. From airlines to banking systems, emergency services to media outlets, businesses around the world are dealing with the dreaded Blue Screen of Death (BSOD) to kick their weekend into high gear.

NOTABLY… this is not a cyber attack. As far as we know, malintent is not an issue.

This image was added by TCW Editors - Not in the original post

According to the company’s website, the outage was caused by “a defect in a single content update for Windows hosts. Mac and Linux hosts are not affected.” Further, the company says that the issue was “identified, isolated and a fix has been deployed.” 

Good news! Except, according to sources, this isn’t the simple fix it’s being positioned as.

Source: Reddit: https://www.reddit.com/r/crowdstrike/comments/1e6vmkf/bsod_error_in_latest_crowdstrike_update/ 

While attempting to triage the fix, many customers are reporting that they’re stuck in a boot loop and being forced to manually reset impacted servers, which could result in hours — or possibly days — of downtime and uncountable amounts of lost productivity and revenue. 

Dependency issue, not a cyber issue

If this is not a cybersecurity issue — and it does not seem to be — why is a company like OX commenting? Quite simply: because it highlights the criticality of understanding the longtail of dependencies within IT infrastructures. 

Neatsun Ziv, OX Security’s CEO and Co-founder, has said, “Incidents like the one we are seeing cause global chaos today, where an error in an update provided by a provider causes widespread outages, are not uncommon. What is unique about this incident is the scale at which it has taken place, likely wiping billions of dollars from the global economy due to global, widespread downtime.”

What’s become clear in the aftermath is that IT and operations teams are having to boot individual endpoints manually, which will take tons of time, especially for understaffed businesses. If the machine is Bitlockered, response teams will also have to enter a very long passcode, delete the

...
Read full article on The Cyber Why →

This excerpt is provided for preview purposes. Full article content is available on the original publication.