CrowdStrike update takes out the world


Around 8pm on 18th July 2024, CrowdStrike, which builds a cyber security product called Falcon, released a faulty channel of updates to its software. This resulted in a blue screen error in its update framework, csupdate.sys.

Ultimately it was due to incorrectly signed sys updates that, when released, caused a protection fault in the core updater, producing what is known as a blue screen of death, or BSOD.

The fix is fairly simple: administrators should delete the faulty channels from the affected machines and reboot them.

Using the command prompt in recovery mode, admins should then navigate to the C:\Windows\System32\drivers\CrowdStrike directory, and locate and delete the file matching C-00000291*.sys. Restart the computer and it should be free of the problem for good.

Read more on The Reg.

The cause, to the extent so far revealed by CrowdStrike, was "a logic error resulting in a system crash and blue screen (BSOD) on impacted systems."

"CrowdStrike has published a post incident review (PIR) of the buggy update it published that took down 8.5 million Windows machines last week. The detailed post blames a bug in test software for not properly validating the content update that was pushed out to millions of machines on Friday. CrowdStrike is promising to more thoroughly test its content updates, improve its error handling, and implement a staggered deployment to avoid a repeat of this disaster."

CrowdStrike issues configuration updates in two ways. There’s Sensor Content that directly updates CrowdStrike’s own Falcon sensor that runs at the kernel level in Windows, and there is Rapid Response Content that updates how that sensor behaves to detect malware. A tiny 40KB Rapid Response Content file caused Friday’s issue.

Falcon strikes
Published Friday, July 19, 2024
