Many systems were affected when a cybersecurity technology company rolled out a faulty patch for its software for Microsoft Windows. This has caused widespread global impact, affecting airline flights, emergency services, news outlets, hospitals and the Microsoft Azure platform.
What happened?
CrowdStrike is a company that provides endpoint security, threat intelligence and cyberattack response services. In 2014, a breach in their security system was responsible for the Sony Pictures hack; cyber attacks on the Democratic National Committee between 2015-6; and a subsequent email leak.
An update for their Falcon agent software, issued to all their customers, had a bug in the code that wasn’t found before it knocked out systems worldwide. The blue screen error generated a PAGE_FAULT_IN_NON_PAGED_AREA message for csagent.sys.
How does this affect me?
This bug will not affect your computer directly unless you use CrowdStrike's monitoring software, Falcon Sensor. It affects all versions of Windows, including Server.
Because of the Microsoft Azure platform outage, logging in with Active Directory and access to BitLocker encryption keys may be unavailable.
Is there a workaround?
Yes, there is a workaround:
- Reboot your computer into Safe Mode or into the Recovery Environment (you may need your BitLocker key to access your drive if it is encrypted)
- Go to: C:\Windows\System32\drivers\CrowdStrike
- Delete C-00000291*.sys
- Reboot your computer
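The delete step above as a PowerShell script for an elevated Safe Mode session, recording each file's size, timestamp and SHA-256 before removing it. This is an added example, not code from CrowdStrike or Microsoft; the `C:\Windows` default and the log file location are assumptions.

```powershell
# Added example: removes only the files named in the workaround and keeps a record of them.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: the Windows volume is mounted as C:. Pass another root if it is not.
    [string]$WindowsRoot = 'C:\Windows',
    # Assumption: hypothetical location for the record of removed files.
    [string]$LogPath = "$env:TEMP\crowdstrike-workaround-removed.csv"
)

$driverDir = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
if (-not (Test-Path -LiteralPath $driverDir -PathType Container)) {
    Write-Output "No CrowdStrike driver directory at $driverDir; nothing to do."
    return
}

# Match only C-00000291*.sys; every other file in the directory is left in place.
$targets = @(Get-ChildItem -LiteralPath $driverDir -Filter 'C-00000291*.sys' -File)
if ($targets.Count -eq 0) {
    Write-Output "No files matching C-00000291*.sys in $driverDir."
    return
}

# Write the inventory before deleting anything. -WhatIf:$false keeps the
# record even on a dry run, so the dry run shows exactly what was found.
$targets | ForEach-Object {
    [pscustomobject]@{
        Path         = $_.FullName
        Length       = $_.Length
        LastWriteUtc = $_.LastWriteTimeUtc.ToString('o')
        SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
} | Export-Csv -LiteralPath $LogPath -NoTypeInformation -Append -WhatIf:$false

foreach ($file in $targets) {
    # Honours -WhatIf and -Confirm passed on the command line.
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
        Remove-Item -LiteralPath $file.FullName -Force
    }
}

Write-Output "Inventory written to $LogPath. Reboot to complete the workaround."
```

Run it with `-WhatIf` first to list the matching files without deleting them.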
What about Azure managed platforms?
Microsoft suggests manually rebooting affected servers, although you will need to perform the workaround if you are also using CrowdStrike monitoring on these servers.