this post was submitted on 19 Jul 2024
1203 points (99.5% liked)

Technology

59064 readers
3515 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s
[email protected]
[email protected]
L4s
enu
1203
Major IT outage affecting banks, airlines, media outlets across the world (www.abc.net.au)
submitted 3 months ago* (last edited 3 months ago) by [email protected] to c/technology
555 comments fedilink hide all child comments
 

All our servers and company laptops went down at pretty much the same time. Laptops have been bootlooping to blue screen of death. It's all very exciting, personally, as someone not responsible for fixing it.

Apparently caused by a bad CrowdStrike update.

Edit: now being told we (who almost all generally work from home) need to come into the office Monday as they can only apply the fix in-person. We'll see if that changes over the weekend...

you are viewing a single comment's thread
view the rest of the comments
[–] victorz 14 points 3 months ago (2 children)

If these affected systems are boot looping, how will they be fixed? Reinstall?

[–] [email protected] 24 points 3 months ago (2 children)

There is a fix people have found which requires manual booting into safe mode and removal of a file causing the BSODs. No clue if/how they are going to implement a fix remotely when the affected machines can't even boot.

[–] [email protected] 10 points 3 months ago (3 children)

Probably have to go old-skool and actually be at the machine.

[–] [email protected] 4 points 3 months ago

And hope you are not using BitLocker cause then you are screwed since BitLocker is tied to CS.

[–] Freefall 3 points 3 months ago (1 children)

Exactly, and super fun when all your systems are remote!!!

[–] Passerby6497 3 points 3 months ago

It's not super awful as long as everything is virtual. It's annoying, but not painful like it would be for physical systems.

Really don't envy physical/desk side support folks today....

[–] EncryptKeeper 3 points 3 months ago (1 children)

You just need console access. Which if any of the affected servers are VMs, you’ll have.

[–] [email protected] 3 points 3 months ago

Yes, VMs will be more manageable.

[–] [email protected] 2 points 3 months ago (3 children)

Do you have any source on this?

[–] [email protected] 11 points 3 months ago

If you have an account you can view the support thread here: https://supportportal.crowdstrike.com/s/article/Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19

Workaround Steps:

  1. Boot Windows into Safe Mode or the Windows Recovery Environment

  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory

  3. Locate the file matching “C-00000291*.sys”, and delete it.

  4. Boot the host normally.

[–] Passerby6497 9 points 3 months ago (1 children)

I can confirm it works after applying it to >100 servers :/

[–] victorz 4 points 3 months ago

Nice work, friend. 🤝 [back pat]

[–] [email protected] 2 points 3 months ago

It seems like it's in like half of the news stories.

[–] [email protected] 4 points 3 months ago (2 children)

It is possible to edit a folder name in windows drivers. But for IT departments that could be more work than a reimage

[–] Passerby6497 3 points 3 months ago* (last edited 3 months ago) (1 children)

Having had to fix >100 machines today, I'm not sure how a reimage would be less work. Restoring from backups maybe, but reimage and reconfig is so painful

[–] [email protected] 1 points 3 months ago

Yes, but there are less competent people. The main answer for any slightly complex issue at work is 'reimage' - the pancea to solve all problems. And reconfig of personal settings is the users problem.

[–] EncryptKeeper 2 points 3 months ago

It’s just one file to delete.