Falcon Content Update Issue for Windows Hosts: What You Need to Know
CrowdStrike Statement on Falcon Content Update for Windows Hosts
CrowdStrike is actively addressing a defect in a recent content update for Windows hosts that has impacted some customers. It's important to note that Mac and Linux hosts remain unaffected, and this was not a cyberattack.
Issue Identification and Resolution
The problem has been identified and isolated, and a fix has been deployed. We advise affected customers to visit the support portal for the latest updates. CrowdStrike is committed to providing continuous updates through our blog and official communication channels.
Customer Support and Communication
We recommend that organizations ensure they are communicating with CrowdStrike representatives through official channels to avoid misinformation. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.
Impact and Apology
We understand the severity of the situation and deeply regret the inconvenience and disruption caused. We are working diligently with all impacted customers to restore their systems so they can continue to provide their services without further interruption.
Assurance of Platform Integrity
CrowdStrike assures that its operations are normal, and the issue does not affect our Falcon platform systems. Systems operating normally will remain protected with the Falcon sensor installed.
Detailed Technical Information and Workarounds
Symptoms and Identification
Affected Windows hosts may experience a blue screen error related to the Falcon sensor. If your host has not been impacted, no action is required as the problematic channel file has been reverted.
Key Points:
- Unaffected Windows hosts do not require action.
- Hosts brought online after 0527 UTC are not impacted.
- Problematic file: "C-00000291*.sys" with a timestamp of 0409 UTC.
- Reverted file: "C-00000291*.sys" with a timestamp of 0527 UTC or later.
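The timestamp check in the key points above, as an added example (not CrowdStrike's tooling or code from the original statement). It assumes two inputs the page does not state: `-Directory`, the folder holding the sensor's channel files on the host or a mounted volume, and `-UpdateDate`, the UTC calendar date of the update. It also assumes "a timestamp of 0409 UTC" means a last-write time within that minute.

```powershell
# Added example: classify channel file C-00000291*.sys by its UTC last-write time.
# Usage: .\Test-ChannelFile291.ps1 -Directory <channel-file-folder> -UpdateDate <yyyy-MM-dd>
# (script name, both parameters and the verdict labels are hypothetical)
param(
    [Parameter(Mandatory)] [string]   $Directory,   # assumption: not given on the page
    [Parameter(Mandatory)] [datetime] $UpdateDate   # assumption: not given on the page
)

function Get-ChannelFileVerdict {
    param([datetime] $LastWriteUtc, [datetime] $UpdateDate)

    $day      = $UpdateDate.Date
    $badStart = $day.AddHours(4).AddMinutes(9)     # 0409 UTC: problematic file
    $badEnd   = $badStart.AddMinutes(1)            # assumption: whole 04:09 minute
    $fixed    = $day.AddHours(5).AddMinutes(27)    # 0527 UTC or later: reverted file

    if ($LastWriteUtc -ge $fixed) { return 'Reverted' }
    if ($LastWriteUtc -ge $badStart -and $LastWriteUtc -lt $badEnd) { return 'Problematic' }
    # Anything else is outside the two cases the statement describes.
    return 'Unclassified'
}

# Always compare in UTC; LastWriteTime would apply the host's local time zone.
$files = @(Get-ChildItem -LiteralPath $Directory -Filter 'C-00000291*.sys' -File -ErrorAction Stop)

if ($files.Count -eq 0) {
    Write-Output "No C-00000291*.sys file found in $Directory"
    return
}

foreach ($f in $files) {
    [pscustomobject]@{
        Name         = $f.Name
        LastWriteUtc = $f.LastWriteTimeUtc.ToString('yyyy-MM-dd HH:mm:ss')
        Verdict      = Get-ChannelFileVerdict -LastWriteUtc $f.LastWriteTimeUtc -UpdateDate $UpdateDate
    }
}
```

A host can hold more than one matching file, so the script reports a verdict per file rather than a single result.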
Current Actions by CrowdStrike Engineering
CrowdStrike Engineering has identified and reverted the content deployment causing the issue. If hosts are still crashing and cannot stay online long enough to receive the channel file changes, use the workaround steps below.
Workaround Steps for Individual Hosts
- Reboot the Host: Ensure it has an opportunity to download the reverted channel file. We recommend using a wired network connection for faster internet connectivity.
- If the Host Crashes Again:
  - Boot Windows into Safe Mode or the Windows Recovery Environment.
  - Use Safe Mode with Networking for better remediation.
Technical Support and Recovery Articles
For more detailed steps on identifying impacted hosts and performing automated recovery, please refer to the provided knowledge base articles and dashboard tools available through the support portal.
Queries and Dashboards
A new dashboard is available displaying impacted channels, CIDs, and sensors. Depending on your subscriptions, access it via:
- Next-Gen SIEM > Dashboard
- Investigate > Dashboards
The dashboard is named: hosts_possibly_impacted_by_windows_crashes
Ongoing Support and Transparency
CrowdStrike is committed to full transparency throughout the resolution process. Continuous updates will be provided through the Support Portal and our blog. If you have further questions or require additional support, please reach out to your CrowdStrike representative or Technical Support.
We appreciate your understanding and patience as we work through this issue together. The trust and confidence you place in CrowdStrike is paramount, and we are dedicated to ensuring that such incidents are prevented in the future.
For More Information
Visit our Support Portal at CrowdStrike Support and our blog at CrowdStrike Blog for continuous updates.
Stay Vigilant
We encourage everyone to remain vigilant against potential exploitation by adversaries during this period. Ensure communications are through official CrowdStrike channels for accurate information.
Thank you for your cooperation and trust in CrowdStrike.