Crowdstrike update causes IT outage - affects flights / banks / railways / TV channels and more

nct! what you wanna be doing that for, shur just do what the rest of us do and dont go, just get yourself a counterfeit cert ffs!

More than likely one engineer released to all live systems instead of pushing the update to some QAS servers first for testing. Brain fart moment. I've seen it happen before. Although they should have better practices in place that this couldn't happen.

That is bad should be free

exactly , some older people like using cash. But when the younger people get old , they ain’t gonna revert to cash.

^^ It is a sort of wiser - it leaves no trace, for example. And you won't spend more than you actually have.

//…says the man who pays by card/online every day, using cash for approx 2 transactions a month. :-D

I know of one company (no names) with tens of thousands of agents running CrowdStrike. They have two - yes two - internal admins. That’s how outsourced the world of IT has become.

Much easier to pay a vendor to take responsibility. Trim down your internal IT to the bone.

14 times - try once more.

I wish I had a PHD from the school of hard knocks .

There was a small file in the update patch that was faulty ,it can be fixed by deleting the file, load up

windows in safe mode ,the problem is this has to be done on every single pc, since millions of pcs run windows it,ll take days for the pc systems in airports, hospitals, goverment it systems, to be fixed .

maybe more smaller companys could run a database on apple macs, or linux. this would stop the whole it infrastructure from failing .

why did crowdstrike not test the update on a few locaL databases before causing the biggest it shutdown .

its possible to keep patient records on a mac,or pc running linux ,does every local hospital really need to run windows on every pc? i doubt it.

and many companys have no local it staff, someone will have to visit the building and fix every single pc , no way to fix it remotely.

do some companys some not have daily backups, eg go back to the backup from before the patch was applied .

it should be possible in future to have corporate backup files set to back up at say 10pm, before the new security patch is installed if they wanted to do so. and also have customer database files on a server that can be acessed by a windows pc, or a mac pc,or a linux pc by using standard file formats .eg if windows crashe,s

a nurse could still go to a pc and load up a linux os and read all the patient files if necessary in an emergency

Linux is free too in its basic variants. I’ve a few Linux sticks I can boot from

that should explain the situation…

how does leaving no trace matter? You buying loads of dildos?

……

Why did Crowdstrike not check the contents of the software update before uploading it? By the way, why did the organisations affected by the outage not replace Windows years ago?

You haven't a clue what you are talking about.

This is starting to stink

someone it looks like knew something at start of week

380 to 340 till today

340 to 300 today

[my $02]

I haven't read this fully through since this morning but the scanning I've been doing over the last 7 pages since yields some similar misconceptions, so apologies if some of this has been addressed and I'm just repeating.

As said above only Windows machines running Crowdstrike were affected. This is NOT a Windows issue, it's just that the blast radius for this particular update was for their Windows product. This could just as easily happen on *nix, allowing that the average *nix user or admin has a bit more tech savvy from necessity and has greater potential to silo apps within the OS does not mean that they would.

Impact in modern systems has to be evaluated as a chain of service. Just because your PoS machine is running *nix does not mean it doesn't have a dependancy somewhere on an affected Win system, if nothing else Active Directory (Authentication/Authorisation) running on Windows is a staple of most enterprises even if their underlying products are running on *nix (it's an area where Windows excels). Then even if their servers run on *nix the proxy or other controls they use are often tied to AD for policy decisoning. So wondering why non-windows systems are having issues is down to this web of service. It's literally a shared and balanced ecosystem. Crowdstrike dumped an oil slick into it.

This may be simple stupidity and bad process, the same as any office any of us have worked in, some people are just shite at their job and no amount of mitigations, controls and checks will compensate for everything. But, do not for now at leas discount a malicious source. Supply chain attacks, delivering malicious content or service outage, via a 'trusted' partner is probably the single biggest risk to enterprises these days. 'Trust' should not exist, anywhere, on your network or service partnership. There is only what you can control and validate. Even if this particular incident is not part of such an attack the blinding of security personnel, re-allocation of resources to resolve etc. WILL be taken advantage of. Presume someone tried to take advantage of this until you are sure they did not. That's not paranoia that's simply a principle of Fail-Closed.

When you have the option do NOT deploy any patch for any critical service on Day-one. Ideally if you have the resources test in your lab and/or deconstruct. If not, wait for the rest of the world to be your canary. Only patch immediately on exception and if required to mitigate a bigger risk.

Looking at how some companies are having so much trouble and others aren't? Large companies with virtualised Windows environments and a solid/regular snapshot (image backup) or full re-pave strategy recovered quickly. They could remotely wipe and reimage machines with little impact. Small companies with on-site IT resources could manually resolve. Everyone in the middle, those large enough to have a considerable amount of physical machines vs. low local IT resources are basically screwed and will be playing catchup for days. The technology has been there to handle this well for over a decade, not everyone invested in it.

Lastly…This will happen again. A different product, different OS, different type of impact but global reliance on a few key products by companies large enough to know better but still don't invest in recovery options means it's inevitable. If you are in IT…plan…virtualise….snapshot.

[/my $.02]

anyone who is connected with IT will know who CrowdStrike are….

so true, so well put 👍

Most organisations I deal with have the vast majority of their databases running on *nix servers.

Windows is used for AD and Exchange if email is still on premises or hybrid.

Apparently the current CEO of Crowdstrike was also CEO of McAfee when they sent down an update that took out web connectivity of all Windows XP machines in 2010. I remember it well, had to get an ancient laptop running a previous version of Windows to get a patch to fix the problem.

you sound like a conspiracy theorist. Have you ever heard of democracy? It tends to curtail the government destroying our lives.

…states have very limited access to the data of our transactions, since most of that data is in the hands of private sector financial institutions, legal proceedings would be required to get access to such data, which of course requires a judges signature, best of luck trying to get access to that data without serious cause, i.e. relax, the government isnt coming after you!