Crowdstrike published a faulty update. Causes Windows to bluescreen. Driver is C-00000291*.sys. Will cause worldwide outages. Thread follows, I suspect. 🧵

I am obtaining a copy of the driver to see if malicious or bad coding, if anybody else checking let me know.

If anybody is wondering the impact of the Crowdstrike thing - it’s really bad. Machines don’t boot.

The recovery is boot in safe mode, log in as local admin and delete things - which isn’t automatable. Basically Crowdstrike will be in very hot water.

You know it was coming...

Crowdstrike's BSOP theme tune

Sky News has gone off air in the UK.

Favour to IT folks fixing - could you please copy the C-00000291*.sys file to somewhere and upload it to Virustotal, and reply with the Virustotal link or file hash? It's still unclear if the update was malicious or just a bug.

I've obtained copies of the .sys driver files Crowdstrike customers have. They're garbage. Each customer appears to have a different one.

They trigger an issue that causes Windows to blue screen.

I am unsure how these got pushed to customers. I think Crowdstrike might have a problem.

For any orgs in recovery mode, I'd suspend auto updates of CS for now.

If anybody is wondering, the update was delivered via channel file updates in Crowdstrike.

The .sys files causing the issue are channel update files, they cause the top level CS driver to crash as they're invalidly formatted. It's unclear how/why Crowdstrike delivered the files and I'd pause all Crowdstrike updates temporarily until they can explain.

This is going to turn out to be the biggest 'cyber' incident ever in terms of impact, just a spoiler, as recovery is so difficult.

Andrew Bailey

@GossiTheDog I can only guess that there was some corruption on copy somewhere in the transfer chain.