Newsletter Saturday, November 9

Airlines, banks, retailers and healthcare providers are experiencing widespread disruptions from an IT outage, after Microsoft reported problems stemming from an issue at cybersecurity firm CrowdStrike.

James Bore, a cybersecurity expert and managing director of Bores Group, told Business Insider the outages appear to have been caused by a tool called Falcon from cybersecurity firm CrowdStrike, which is widely used to protect computers from attacks.

The tool has a corrupted file that is “knocking out computers, putting them into what’s known as the ‘blue screen of death.’”

Bore said the issue can’t be fixed automatically because it requires a manual reboot into “safe mode” followed by deletion of the offending file.

“There is no automated way to do this. There is no way to pull that file back or send out a new update, meaning every computer affected has to have some manual interaction,” he said.

Each fix should only take between 30 and 60 seconds, but problems could persist for some time, Bore added.

“It depends on how quickly they can deal with the problem at the source, whether they can pull down that file because the way that modern infrastructure works is likely to be replicated across the world in local servers. For CrowdStrike Falcon to pull it down now, changing that, making sure it’s updated, that does take time,” he said.

Ian Thornton-Trump, Cyjax’s chief information security officer, told BI that what has been done cannot be undone for those blue-screen machines.

“If the machines can be booted in safe mode, they may be able to issue an out-of-band update or patch. That’s time-consuming — if the machines are critical, they might actually consider restoring from backup or a shadow copy [a built-in Microsoft recovery feature].”

Microsoft and CrowdStrike didn’t immediately respond to requests for comment from Business Insider.

How to try to fix your PC

  1. Bore said the first step is rebooting your computer, which should give a “safe mode” option once it restarts. (You won’t have a network connection, and that’s intentional.)
  2. Open the File Browser and find where Crowdstrike is installed, probably in a folder called C:\Windows\system32\Crowdstrike. “Be very careful not to mess with anything else in the system32 folder, as you can cause whole new problems that way,” Bore advised.
  3. In the Crowdstrike folder, look for a file called C-00000291*.sys — then delete that file and reboot the computer.
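The three steps above, carried out from an elevated PowerShell prompt in safe mode, as an added example that is not from the article, Business Insider, or CrowdStrike. It quarantines the matching file (moves it to a backup folder and records its SHA-256) rather than deleting it outright, so the change can be reversed, and it refuses to touch anything outside the one folder the article names. The folder path is the one given in the article and is an assumption here; the actual install location should be confirmed on the machine before running it. The quarantine folder name is hypothetical.

```powershell
# Added example, not from the article or from CrowdStrike.
# Run from an elevated PowerShell prompt after booting into safe mode.
# Use -WhatIf first to see what would be moved without changing anything.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Folder named in the article (assumption; verify the real install path first).
    [string]$FalconDir  = 'C:\Windows\system32\Crowdstrike',
    # File pattern from the article.
    [string]$Pattern    = 'C-00000291*.sys',
    # Hypothetical location to hold the removed file so it can be restored.
    [string]$Quarantine = 'C:\FalconQuarantine'
)

# Operate only inside the expected folder; nothing else under system32 is touched.
if (-not (Test-Path -LiteralPath $FalconDir -PathType Container)) {
    Write-Error "Falcon folder not found at $FalconDir; check the install location."
    exit 1
}

# Match only regular files directly in that folder (no recursion).
$found = Get-ChildItem -LiteralPath $FalconDir -Filter $Pattern -File
if (-not $found) {
    Write-Host "No files matching $Pattern in $FalconDir; nothing to do."
    exit 0
}

New-Item -ItemType Directory -Path $Quarantine -Force | Out-Null

foreach ($f in $found) {
    # Record identifying details before moving, for the incident record.
    $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    Write-Host ("{0}  {1}  {2} bytes  modified {3}" -f $hash, $f.Name, $f.Length, $f.LastWriteTime)

    # ShouldProcess honours -WhatIf / -Confirm from the command line.
    if ($PSCmdlet.ShouldProcess($f.FullName, "Move to $Quarantine")) {
        Move-Item -LiteralPath $f.FullName -Destination $Quarantine
    }
}

Write-Host "Done. Reboot normally; the moved file can be restored from $Quarantine if needed."
```

Save it as a script (for example `Quarantine-FalconChannelFile.ps1`), run it once with `-WhatIf` to confirm that only the expected file in the expected folder is listed, then run it again without the switch and reboot. Moving rather than deleting keeps the evidence and makes the change reversible, which matters when a fleet of machines is being touched by hand.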
