CrowdStrike & Microsoft IT Outage Guidance

Incident overview

As far as Defense.com is aware, the mass worldwide IT outages are believed to have been caused by a flaw in an anti-virus update from the US based cybersecurity company, CrowdStrike. The defect update looks to be only affecting Windows based systems, with Mac and Linux hosts not impacted. The official CrowdStrike statement can be found here - https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/

This issue has been seen to affect many industries around the world including Governments, Broadcasters, healthcare providers, financial institutions, retail,and airlines among many others.

Its already being defined as the biggest IT problem since “WannaCry” in 2017. WannaCry was a malicious cyber-attack that affected an old version of Windows and spread automatically and uncontrollably to any computer that had old and unprotected Windows software. It affected an estimated 300,000 computers in 150 different countries. Famously the NHS was badly hit with huge disruption for days.

Is Defense.com affected?

Thankfully, Defense.com has not been affected by the IT outage and all services are running as expected. In the unlikely event this should change, please see https://status.defense.com for system operation.

Support and guidance

For businesses seeking guidance in response to this outage, Defense.com offers the following recommendations:

Customers of CrowdStrike should download the latest update, which is available on the CrowdStrike support page.

Users of affected systems have reported experiencing a Blue Screen of Death (BSOD) error, can take the following steps to circumvent this issue:

1. Boot Windows into Safe Mode or the Windows Recovery Environment.
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
3. Locate the file matching the pattern C-00000291*.sys and delete it.
4. Boot the host normally.

CrowdStrike will be updating their support portal with the latest information and recommendations.