CrowdStrike Outage 19/7/2024

Incident Summary:

On July 19, 2024 at 04:09 UTC, CrowdStrike deployed a sensor configuration update for Windows systems as part of routine operations within the Falcon platform. Unfortunately, this update contained a logic error that caused affected systems to crash, resulting in a blue screen (BSOD). The issue was resolved by CrowdStrike at 05:27 UTC on the same day.

This incident was not a result of a cyberattack.

Impact:

Customers using Falcon sensor for Windows version 7.11 and above, who were online between July 19, 2024 04:09 UTC and July 19, 2024 05:27 UTC, may have experienced system crashes due to this configuration update.
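The impact criteria above can be turned into a fleet triage filter. The following is an added example, not CrowdStrike code: the inventory records, their field names (`name`, `os`, `sensor`, `online`) and the build numbers are constructed for illustration, and the window boundaries are treated as inclusive.

```python
from datetime import datetime, timezone

# Exposure window and minimum sensor version, as stated in the summary above.
WINDOW_START = datetime(2024, 7, 19, 4, 9, tzinfo=timezone.utc)
WINDOW_END = datetime(2024, 7, 19, 5, 27, tzinfo=timezone.utc)
MIN_SENSOR = (7, 11)

def parse_version(text):
    """Compare major.minor numerically; as plain strings '7.9' sorts after '7.11'."""
    return tuple(int(part) for part in text.split(".")[:2])

def parse_utc(stamp):
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def possibly_impacted(host):
    """True if the host meets all three criteria: Windows, sensor >= 7.11, online in window."""
    if host["os"].lower() != "windows":
        return False  # Linux and macOS sensors do not use Channel File 291
    if parse_version(host["sensor"]) < MIN_SENSOR:
        return False
    # Any online session that overlaps the window could have received the update.
    return any(
        parse_utc(start) <= WINDOW_END and parse_utc(end) >= WINDOW_START
        for start, end in host["online"]
    )

def triage(fleet):
    """Return the names of hosts to prioritise for crash checks."""
    return [h["name"] for h in fleet if possibly_impacted(h)]

# Constructed sample inventory (hypothetical hosts and session data).
FLEET = [
    {"name": "ws-01", "os": "Windows", "sensor": "7.11.18110",
     "online": [("2024-07-19T03:00:00Z", "2024-07-19T04:30:00Z")]},
    {"name": "ws-02", "os": "Windows", "sensor": "7.9.17605",
     "online": [("2024-07-19T00:00:00Z", "2024-07-19T08:00:00Z")]},
    {"name": "ws-03", "os": "Windows", "sensor": "7.15.18513",
     "online": [("2024-07-19T05:30:00Z", "2024-07-19T09:00:00Z")]},
    {"name": "srv-lnx", "os": "Linux", "sensor": "7.15.16803",
     "online": [("2024-07-19T00:00:00Z", "2024-07-19T08:00:00Z")]},
    {"name": "ws-04", "os": "Windows", "sensor": "7.16.18605",
     "online": [("2024-07-19T00:00:00Z", "2024-07-19T04:00:00Z"),
                ("2024-07-19T05:00:00Z", "2024-07-19T05:10:00Z")]},
]

if __name__ == "__main__":
    print(triage(FLEET))
```

A match means the host fits the stated exposure criteria, not that it crashed; the summary says such systems "may have" been affected.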

Technical Details:

The faulty update targeted malicious named pipes used in cyberattacks but inadvertently triggered an operating system crash due to a logic error in Channel File 291, located in C:\Windows\System32\drivers\CrowdStrike\.

CrowdStrike has corrected the logic error in Channel File 291 and continues to protect against misuse of named pipes.

Remediation:

Further details on remediation steps are available on CrowdStrike's blog and Support Portal. Customers with specific support needs are encouraged to contact CrowdStrike directly.

Root Cause Analysis:

CrowdStrike is conducting a comprehensive root cause analysis to identify and address the underlying factors that led to this issue, aiming to enhance operational processes and prevent similar incidents in the future.

Note: Systems running Linux or macOS were not affected by this issue as they do not utilize Channel File 291.
