As I type, we’re in the middle (maybe the start?) of what looks to be the biggest global IT outage, with millions of computers and servers taken offline and stuck on a “Blue Screen of Death”.
It is wrongly being reported by many news outlets as a “Microsoft” outage; however, this is not accurate. One of many reasons not to use the Daily Mail for news.
The issue appears to stem from a software update released by Cybersecurity vendor CrowdStrike. If you don’t use CrowdStrike, you will not be directly affected.
Fortunately for us and our customers, the majority of Computercentric clients use alternative Cybersecurity and Anti-Virus products such as Sophos, amongst others.
There is a workaround, which involves manually editing a system file after booting into Safe Mode. However, this is not a fix which can be effected quickly or remotely; it will usually necessitate a technician attending to the affected machine in person, which will likely mean the recovery time for this outage is long and drawn-out.
Workaround Steps:
1. Boot Windows into Safe Mode or the Windows Recovery Environment.
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
3. Locate the file matching “C-00000291*.sys”, and delete it.
4. Boot the host normally.
Source: https://supportportal.crowdstrike.com/s/login/?ec=302&startURL=%2Fs%2Farticle%2FTech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19
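The workaround steps above as a script for a technician working at an elevated PowerShell prompt in Safe Mode. This is an added example, not CrowdStrike's or the author's code; the function name Remove-WorkaroundFile and its parameters are hypothetical, while the directory and file pattern are the ones quoted in the steps.

```powershell
# Added example: run from an elevated PowerShell prompt in Safe Mode.
# Remove-WorkaroundFile is a hypothetical name, not vendor tooling.
function Remove-WorkaroundFile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Directory and pattern exactly as given in the workaround steps.
        [string]$Directory = 'C:\Windows\System32\drivers\CrowdStrike',
        [string]$Pattern   = 'C-00000291*.sys'
    )

    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
        Write-Warning "Directory not found: $Directory. Nothing to do on this host."
        return
    }

    # Match files only, and only in this directory (no recursion).
    $targets = @(Get-ChildItem -LiteralPath $Directory -Filter $Pattern -File -Force)
    if ($targets.Count -eq 0) {
        Write-Warning "No file matching $Pattern in $Directory."
        return
    }

    foreach ($file in $targets) {
        # Record what is about to be removed so there is an audit trail.
        $record = [pscustomobject]@{
            Name          = $file.Name
            Length        = $file.Length
            LastWriteTime = $file.LastWriteTimeUtc
            SHA256        = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            Removed       = $false
        }
        # -WhatIf makes ShouldProcess return $false, so nothing is deleted.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete file')) {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $record.Removed = -not (Test-Path -LiteralPath $file.FullName)
        }
        $record
    }
}

# Dry run first: lists the matching files without deleting anything.
# Re-run without -WhatIf to delete, then boot the host normally.
Remove-WorkaroundFile -WhatIf
```

The function returns one record per matching file, so the output can be saved as evidence of what was removed from each machine.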
At the time I write, it is not clear whether this is a spectacular cock-up by a CrowdStrike developer (hopefully), or a malicious attempt to disrupt their user base by hackers.
*Updated 19/07/2024 12:00
CEO of CrowdStrike George Kurtz has stated on Twitter that the problems were caused by a defect in an update released by them, and that a fix has been deployed. It remains unclear to us if this fix can retrospectively remedy impacted machines, or if manual intervention is still required. We suspect the latter.