A significant issue has recently emerged in the cybersecurity community. A patch released by CrowdStrike has caused widespread disruptions, leading to numerous Windows computers experiencing the “Blue Screen of Death” (BSOD). This situation has affected various sectors, including travel and healthcare services, highlighting the critical nature of the problem. A fix has been published, but applying it is a time-consuming, manual process.

Who and What is Affected? 

The impact of this issue is far-reaching, affecting organizations across different industries. Key sectors such as banking, media, healthcare, and airlines are among those most affected. The extensive nature of this disruption highlights the critical importance of cybersecurity tools in maintaining operational continuity. 

Impacts to Critical Infrastructure: 

  • 911 services in parts of the U.S. (New York, Alaska, Arizona) and Canada were notably affected, with some operators resorting to manual processes.
  • Several airports, including those in Schiphol, Melbourne, Berlin, Barcelona, Brisbane, Edinburgh, Amsterdam, and London, faced disruptions. Flights were grounded, and passengers experienced significant delays.
  • Hospitals in the Netherlands, Spain, UK, and the U.S. (Bellevue Hospital, NYU Langone Hospital) reported operational issues.

Key Points/Impacts: 

  • At least 24,000 companies are impacted.
  • Systems are affected globally, including critical infrastructures.
  • Disruptions led to operational halts and financial repercussions.
  • CrowdStrike provided a workaround and support for impacted users.
  • The root cause is under investigation.

Why Did This Happen? 

The issue appears to stem from a defect in the recent CrowdStrike patch that was not identified during the testing phase. As a result, the patch affected critical system files necessary for the operation of Windows, leading to widespread BSOD errors. 

Immediate Remediation Steps 

For those affected, here’s a detailed guide to resolve the issue and restore normal operations: 

  1. Access Advanced Repair Options:
     • Boot into the advanced repair options on the affected device.
  2. Navigate to Troubleshoot:
     • Select the Troubleshoot option from the menu.
  3. Use Command Prompt:
     • Open the Command Prompt and enter the following commands:
     • pushd C:\Windows\System32\drivers\CrowdStrike
     • del "C-00000291*.sys"
  4. Reboot:
     • Exit the Command Prompt and continue with the reboot process. The system should start normally after this procedure.
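
The same deletion as a batch script for the recovery Command Prompt, added here as an example (it is not CrowdStrike's or MorganFranklin's own script). It assumes the Windows volume may be mounted under a letter other than C: in the recovery environment and that any BitLocker-protected volume has already been unlocked.

```batch
@echo off
rem Added example: remove the C-00000291*.sys files named in the steps above.
rem Assumption: the recovery environment may assign the Windows volume a
rem letter other than C:, so each candidate letter is checked in turn.
rem A and B (removable media) and X (the recovery RAM disk) are skipped.
rem A BitLocker volume that is still locked is not readable and is not seen.
setlocal
set "REMOVED=0"
set "FAILED=0"

for %%D in (C D E F G H I J K L M N O P Q R S T U V W Y Z) do (
    if exist "%%D:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys" (
        echo Matching files on %%D:
        dir /b "%%D:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys"

        rem /f also deletes read-only files, /q suppresses the wildcard prompt.
        del /f /q "%%D:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys"

        rem Verify the result instead of trusting the del exit status.
        if exist "%%D:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys" (
            echo ERROR: files still present on %%D:
            set "FAILED=1"
        ) else (
            echo Removed from %%D:
            set "REMOVED=1"
        )
    )
)

if "%FAILED%"=="1" (
    echo At least one volume still has matching files. Do not reboot yet.
    endlocal
    exit /b 1
)
if "%REMOVED%"=="0" (
    echo No C-00000291*.sys files found on any readable volume.
    endlocal
    exit /b 2
)
echo Done. Exit the Command Prompt and continue with the reboot.
endlocal
exit /b 0
```

An exit code of 2 on a machine that is known to be affected usually means the Windows volume was not readable from the recovery environment.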

What’s Next? 

Due to the nature of the fix, IT personnel will need to physically access each affected machine. This hands-on approach means that the recovery process may take some time, especially for organizations with extensive deployments. Further patches or fixes may be forthcoming, but no information has been provided on that front. 

Community and Support 

MorganFranklin is committed to providing comprehensive support to affected organizations. Our cybersecurity experts are available to assist with the immediate remediation steps and ensure that your systems are fully restored and protected against future threats. Our services include hands-on technical support, system audits, and ongoing monitoring to prevent similar issues from occurring. We understand the critical nature of maintaining operational integrity and are here to help you navigate through this challenging situation. 

The cybersecurity community is actively collaborating to share solutions and provide support during this crisis. For those needing additional assistance, reaching out to CrowdStrike support or your IT department is highly recommended. More detailed guidance and updates can be found on CrowdStrike’s official blog and newsroom. 

Staying informed and connected is crucial during these times. Sharing experiences and solutions will help navigate through this challenge effectively. 

Conclusion 

This incident underscores the importance of robust cybersecurity measures and the need for a swift response to emerging threats. MorganFranklin is committed to supporting our clients through this situation and ensuring that systems are restored to full functionality as quickly as possible. 

Stay secure and vigilant. 
