Dataprise’s Post

If you or your customers are impacted by the CrowdStrike update blue-screening Windows machines, Dataprise has released a #DefenseDigest that includes the DIY fix and an explanation of what occurred. Learn more here: https://lnkd.in/gpUUyXK2 #Channel #Cybersecurity

Windows Server Outage: CloudStrike Issue Major outages affecting Windows servers due to CloudStrike security software problem. Faulty update causing crashes and instability. Many organisations impacted with critical services down. Expect disruptions as IT teams address the problem. How is this affecting your organisation or plans today? #cloudstrike

When the Crowd go on Strike, Contagion outage is the Result 🤭🤫😉 From readers: A: I cannot understand why this update wasn’t tested on sample machines prior to release. Group policies exist whereby an admin can set a subset of machines within an organisation to receive the latest iteration of Windows Updates - once all is seen to be well, the remaining machines, servers, desktops and laptops receive the updates. B: I understand it’s called FAT testing (factory acceptance test). Software is tested on dedicated stand alone machines prior to being released to the global public. Does not seem to have been followed in this case.

For systems that have been already impacted by the problem, the mitigation instructions are listed below - -Boot Windows in Safe Mode or Windows Recovery Environment -Navigate to the C:\Windows\System32\drivers\CrowdStrike directory -Find the file named "C-00000291*.sys" and delete it -Restart the computer or server normally

All Crowdstrike customers facing blue dump error This is due to CSAGENT.SYS get corrupted error with blue screen on Servers, Desktops and Laptops.   Immediate Solution: (Temporary Solution) NEED BOOT DEVICES ON WINDOWS RECOVERY MODE OR SAFE MODE. YOU NEED TO GO TO COMMAND PROMPT RENAME CSAGENT.SYS TO CSAGENT_OLD.SYS IN THIS PATH “windows/system32/drivers/Crowdstrike/CSAGENT.SYS”

🚨 Attention fellow sysadmins! New Windows Server updates causing domain controller crashes Heads up to my fellow IT admins! There's a critical issue with the recent Windows Server updates (KB5035855 & KB5035857) released in March 2024. These updates are causing domain controllers (DCs) to crash and reboot! 💥 The culprit? A memory leak in the Local Security Authority Subsystem Service (LSASS). This service is essential for DCs, as it handles user logins, and passwords, and enforces security policies. A malfunctioning LSASS can wreak havoc on your domain! What to do? -Uninstall the updates (KB5035855 & KB5035857) as soon as possible. This is a temporary workaround until Microsoft releases a fix. wusa /uninstall /kb:5035855 wusa /uninstall /kb:5035857 -Monitor your DCs closely. Be prepared to take manual action (like rebooting) if a crash occurs. Microsoft is aware of the issue and is likely working on a fix, but until then, take steps to protect your domain controllers. Microsoft official bug reporting page : https://lnkd.in/egcSMsKt Share this post with your network! Let's spread the word and help keep our DCs safe. #WindowsServer #DomainController #Microsoft #ITSecurity

CrowdStrike is actively working on the recent content Update for the Windows Hosts. But Mac and Linux hosts are unaffected, and this was not a cyberattack. Technical Details Technical Details on the outage can be found here: Read the blog Published 2024-07-19 0100 UTC We assure our customers that CrowdStrike is operating normally and this issue does not affect our Falcon platform systems. If your systems are operating normally, there is no impact to their protection if the Falcon Sensor is installed. Falcon Complete and OverWatch services are not disrupted by this incident. CrowdStrike has identified the trigger for this issue as a Windows sensor related content deployment and we have reverted those changes. The content is a channel file located in the %WINDIR%\System32\drivers\CrowdStrike directory. Channel file “C-00000291*.sys” with timestamp of 2024-07-19 0527 UTC or later is the reverted (good) version. Channel file “C-00000291*.sys” with timestamp of 2024-07-19 0409 UTC is the problematic version. Note: It is normal for multiple “C-00000291*.sys files to be present in the CrowdStrike directory – as long as one of the files in the folder has a timestamp of 05:27 UTC or later, that will be the active content. Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor. Windows hosts which have not been impacted do not require any action as the problematic channel file has been reverted. Reference:

Check Out My New Article About How to Do Account Lockout Policy on Server #Account #Lockout #Policy #Server C# Corner

Please read the following CDW leadership in security. If you are still experiencing challenges from the CrowdStrike global technical incident, the attached may help you get through it more easily.

The CrowdStrike Update - Fix I have not heard much about the CrowdStrike Update fix, until I read this update article from Forbes website that provides details around the root cause and potential workarounds to get Windows Operating Systems back online. Root Cause: CrowdStrike System File - "C:\Windows\System32\drivers\CrowdStrike directory. Users must then delete the file title “C-00000291*.sys.”. Workarounds - there are multiple workarounds; read the Forbes article. Fix - As per Forbes - deletion of C-00000291*.sys, then reboot. Please read the Forbes article before applying any changes to your Windows OS. I hope this helps: Ref: https://lnkd.in/gXPMp4eb