CrowdStrike Outage 19/7/2024
Incident Summary:
On July 19, 2024 at 04:09 UTC, CrowdStrike deployed a sensor configuration update for Windows systems as part of routine operations within the Falcon platform. Unfortunately, this update contained a logic error that caused affected systems to crash, resulting in a blue screen (BSOD). The issue was resolved by CrowdStrike at 05:27 UTC on the same day.
This incident was not a result of a cyberattack.
Impact:
Customers using Falcon sensor for Windows version 7.11 and above, who were online between July 19, 2024 04:09 UTC and July 19, 2024 05:27 UTC, may have experienced system crashes due to this configuration update.
Technical Details:
The faulty update targeted malicious named pipes used in cyberattacks but inadvertently triggered an operating system crash due to a logic error in Channel File 291, located in C:\Windows\System32\drivers\CrowdStrike\.
CrowdStrike has corrected the logic error in Channel File 291 and continues to protect against misuse of named pipes.
Remediation:
Further details on remediation steps are available on CrowdStrike's blog and Support Portal. Customers with specific support needs are encouraged to contact CrowdStrike directly.
Root Cause Analysis:
CrowdStrike is conducting a comprehensive root cause analysis to identify and address the underlying factors that led to this issue, aiming to enhance operational processes and prevent similar incidents in the future.
Note: Systems running Linux or macOS were not affected by this issue as they do not utilize Channel File 291.
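Added example (not CrowdStrike code): a scoping check that applies the impact criteria above (Windows host, Falcon sensor 7.11 or later, online between 04:09 and 05:27 UTC on July 19, 2024) to an asset inventory. The inventory record format, host names and build numbers are constructed assumptions.

```python
from datetime import datetime, timezone

# Exposure window and minimum sensor version as stated in the incident summary.
WINDOW_START = datetime(2024, 7, 19, 4, 9, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 7, 19, 5, 27, tzinfo=timezone.utc)
MIN_VERSION = (7, 11)

# Constructed sample inventory (hypothetical export format, made-up hosts and builds).
INVENTORY = [
    {"host": "ws-001", "os": "Windows", "sensor_version": "7.11.18110",
     "online": [("2024-07-19T03:50:00Z", "2024-07-19T04:30:00Z")]},
    {"host": "ws-002", "os": "Windows", "sensor_version": "7.10.18002",
     "online": [("2024-07-19T04:00:00Z", None)]},
    {"host": "ws-003", "os": "Windows", "sensor_version": "7.15.18513",
     "online": [("2024-07-18T22:00:00Z", "2024-07-19T04:05:00Z"),
                ("2024-07-19T05:40:00Z", None)]},
    {"host": "srv-004", "os": "Linux", "sensor_version": "7.16.17001",
     "online": [("2024-07-19T00:00:00Z", None)]},
    {"host": "ws-005", "os": "Windows", "sensor_version": "7.16.18605",
     "online": [("2024-07-19T06:20:00+02:00", None)]},  # 04:20 UTC
]

def parse_version(text):
    """Return (major, minor) as ints so that 7.9 sorts below 7.11."""
    major, minor = text.strip().split(".")[:2]
    return int(major), int(minor)

def parse_utc(text):
    """Parse an ISO 8601 timestamp; values without an offset are assumed UTC."""
    ts = datetime.fromisoformat(text.replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def potentially_affected(host):
    """True if the host meets all three impact criteria from the summary."""
    if host["os"].lower() != "windows":
        return False  # Linux and macOS do not use Channel File 291
    try:
        if parse_version(host["sensor_version"]) < MIN_VERSION:
            return False
    except ValueError:
        pass  # unparseable version: do not rule the host out on version alone
    for start, end in host["online"]:
        s = parse_utc(start)
        e = parse_utc(end) if end else WINDOW_END  # open session: still online
        if s <= WINDOW_END and e >= WINDOW_START:  # session overlaps the window
            return True
    return False

def triage(inventory):
    return [h["host"] for h in inventory if potentially_affected(h)]
```

A host returned by triage() only matches the published criteria; the summary says such systems "may have experienced" a crash, so each still needs confirmation on the host.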