News
Falcon Content Update Remediation and Guidance Hub
Web page final up to date 2024-07-23 0740 UTC
CrowdStrike is actively aiding prospects affected by a defect in a current content material replace for Home windows hosts. Mac and Linux hosts weren’t impacted. The difficulty has been recognized and remoted, and a repair has been deployed. This was not a cyberattack.
Prospects are suggested to verify the help portal for updates. We may even proceed to offer the newest data right here and on our weblog because it’s accessible. We advocate organizations confirm they’re speaking with CrowdStrike representatives by means of official channels.
We guarantee our prospects that CrowdStrike is working usually and this concern doesn’t have an effect on our Falcon platform techniques. In case your techniques are working usually, there is no such thing as a impression to their safety if the Falcon sensor is put in.
We perceive the gravity of this case and are deeply sorry for the inconvenience and disruption. Our staff is absolutely mobilized to make sure the safety and stability of CrowdStrike prospects.
Assertion from our CEO
Despatched 2024-07-19 1930 UTC
Valued Prospects and Companions,
I need to sincerely apologize on to all of you for the outage. All of CrowdStrike understands the gravity and impression of the state of affairs. We rapidly recognized the difficulty and deployed a repair, permitting us to focus diligently on restoring buyer techniques as our highest precedence.
The outage was attributable to a defect present in a Falcon content material replace for Home windows hosts. Mac and Linux hosts should not impacted. This was not a cyberattack.
We’re working intently with impacted prospects and companions to make sure that all techniques are restored, so you possibly can ship the providers your prospects depend on.
CrowdStrike is working usually, and this concern doesn’t have an effect on our Falcon platform techniques. There isn’t any impression to any safety if the Falcon sensor is put in. Falcon Full and Falcon OverWatch providers should not disrupted.
We’ll present steady updates by means of our Assist Portal at https://supportportal.crowdstrike.com/s/login/.
We now have mobilized all of CrowdStrike that will help you and your groups. If in case you have questions or want extra help, please attain out to your CrowdStrike consultant or Technical Assist.
We all know that adversaries and unhealthy actors will attempt to exploit occasions like this. I encourage everybody to stay vigilant and make sure that you’re partaking with official CrowdStrike representatives. Our weblog and technical help will proceed to be the official channels for the newest updates.
Nothing is extra vital to me than the belief and confidence that our prospects and companions have put into CrowdStrike. As we resolve this incident, you have got my dedication to offer full transparency on how this occurred and steps we’re taking to forestall something like this from taking place once more.
George Kurtz
CrowdStrike Founder and CEO
Technical Particulars
- Technical Particulars on the outage might be discovered right here: Learn the weblog Revealed 2024-07-20 0100 UTC
- We guarantee our prospects that CrowdStrike is working usually and this concern doesn’t have an effect on our Falcon platform techniques. In case your techniques are working usually, there is no such thing as a impression to their safety if the Falcon Sensor is put in. Falcon Full and OverWatch providers should not disrupted by this incident.
- CrowdStrike has recognized the set off for this concern as a Home windows sensor associated content material deployment and now we have reverted these modifications. The content material is a channel file situated within the %WINDIRpercentSystem32driversCrowdStrike listing.
- Channel file “C-00000291*.sys” with timestamp of 2024-07-19 0527 UTC or later is the reverted (good) model.
- Channel file “C-00000291*.sys” with timestamp of 2024-07-19 0409 UTC is the problematic model.
- Word: It’s regular for a number of “C-00000291*.sys information to be current within the CrowdStrike listing – so long as one of the information within the folder has a timestamp of 05:27 UTC or later, that would be the energetic content material.
- Signs embrace hosts experiencing a bugcheckblue display error associated to the Falcon Sensor.
- Home windows hosts which have not been impacted don’t require any motion because the problematic channel file has been reverted.
Non-Impacted Hosts
- Home windows hosts that are introduced on-line after 2024-07-19 0527 UTC won’t be impacted
- Home windows hosts put in and provisioned after 2024-07-19 0527 UTC should not impacted Up to date 2024-07-21 1435 UTC
- This concern shouldn’t be impacting Mac- or Linux-based hosts
How do I Determine Impacted Hosts?
How do I Determine Impacted Hosts by way of Superior Occasion Search Question?
Up to date 2024-07-22 0139 UTC
The queries utilized by the dashboards are listed on the backside of the suitable dashboard manuals.
How do I Determine Impacted Hosts by way of Dashboard?
Up to date 2024-07-23 0217 UTC
An up to date granular dashboard is on the market that shows the Home windows hosts impacted by the content material replace defect described on this Tech Alert. See Granular standing dashboards to determine Home windows hosts impacted by content material concern (v8.6) (pdf) or log in to view within the help portal. Word that the queries utilized by the dashboards are listed on the backside of the suitable dashboard manuals.
If hosts are nonetheless crashing and unable to remain on-line to obtain the Channel File replace, the remediation steps beneath can be utilized.
How do I Remediate Particular person Hosts?
Up to date 2024-07-21 0932 UTC
- Reboot the host to present it a chance to obtain the reverted channel file. We strongly advocate placing the host on a wired community (versus WiFi) previous to rebooting because the host will purchase web connectivity significantly quicker by way of ethernet.
- If the host crashes once more on reboot:
- Possibility 1 – Construct automated restoration ISOs with drivers
- Observe the directions for Constructing Falcon Home windows Host Restoration ISOs on this guide (PDF) or log in to view within the help portal. Up to date 2024-07-23 0740 UTC
- Word: Bitlocker-encrypted hosts might require a restoration key.
- Possibility 2 – Handbook course of
- Evaluate the next video on CrowdStrike Host Self-Remediation for Distant Customers. Observe the directions contained inside the video if directed to take action by your group’s IT division. Up to date 2024-07-22 1510 UTC
- Alternatively, please see this Microsoft article for detailed steps.
- Word: Bitlocker-encrypted hosts might require a restoration key.
-
Up to date 2024-07-22 1758 UTC
How do I Recuperate Bitlocker Keys?
Up to date 2024-07-21 1810 UTC
Tips on how to Recuperate Cloud-Primarily based Setting Assets
Cloud Setting | Steerage |
---|---|
AWS |
AWS article |
Azure |
Microsoft article |
GCP |
Up to date 2024-07-22 1758 UTC |
Public Cloud/Digital Environments |
Possibility 1:
Possibility 2:
|
Third Celebration Vendor Data
Up to date 2024-07-20 2259 UTC
This video outlines the steps required to self-remediate impacted distant Home windows laptops. Observe these directions if directed to take action by your group’s IT division.
Watch the video now
Further Assets
-
News4 weeks ago
What Did Matt Gaetz’s Wife Say About His Scandal?
-
News3 weeks ago
UFC Fight Night: Yan vs Figueiredo Main Card Results
-
News4 weeks ago
More than 165K pounds of ground beef recalled due to possible E. coli contamination
-
News4 weeks ago
‘Dune: Prophecy’ : Here’s Your ‘Who Are These People’ Guide to HBO’s Spiced-Up ‘Dune’ Prequel
-
News4 weeks ago
Angelina Jolie and Brad Pitt’s son Knox makes first red carpet appearance in three years
-
News4 weeks ago
Seattle Seahawks to Host Food Drive at November 24 Game to Benefit Home Team Harvest Campaign
-
News4 weeks ago
Moment naked woman streaks during Grey Cup then casually walks off field as players awkwardly stand by
-
News4 weeks ago
Putin says Russia attacked Ukraine with a new missile and threatens Western countries arming Ukraine