How do you view the subsequent impact of the CrowdStrike update error that caused Windows hosts to crash?
胡胡胡美丽_ss
Posted on 2024-7-22 16:17:50
According to a research report by CITIC Securities, on July 19, 2024, a faulty CrowdStrike configuration update caused 8.5 million Windows hosts to crash, seriously disrupting the operations of critical industries worldwide (airlines/airports, railways, broadcasters, hospitals, financial institutions, government agencies, etc.) and resulting in flight suspensions, cancelled or interrupted medical procedures, and broadcast outages. The faulty configuration has since been fixed, but full recovery will take several days.
This incident may cause CrowdStrike some economic loss and, more seriously, reputational damage, and may lead existing and potential customers to reconsider their relationship with the company. CrowdStrike's main competitors may benefit from this.
Event description: a configuration update from endpoint security vendor CrowdStrike caused crashes on a portion of Windows systems.
At around 04:00 UTC on July 19, 2024 (around 12:00 Beijing time), endpoint security vendor CrowdStrike released a faulty update to Falcon Sensor (an agent that monitors operating system activity on PCs and virtual machines in order to detect and prevent potential threats), causing large-scale outages of Windows systems worldwide on which the agent was installed. Millions of PCs, servers, and virtual machines went offline with a "blue screen of death" (BSOD) error. Because CrowdStrike is a leading global provider of endpoint security products and most PCs worldwide run Windows, the faulty update affected banks, airlines, supermarkets, and television broadcasters: air traffic control systems failed, leading to flight suspensions and diversions; ticketing, check-in, and settlement systems went down, affecting a wide range of in-person services; and even the production processes of some factories were disrupted. It is the most widespread IT incident in recent years.
Event cause: a Falcon Sensor channel file update triggered a logic error that crashed the operating system.
According to the technical blog on CrowdStrike's official website, at 04:09 UTC on July 19, 2024, CrowdStrike released a Falcon Sensor configuration update for Windows systems; this update is the root cause of the crashes and is not related to any cyberattack. CrowdStrike states that the updated configuration file is called a "channel file" and is part of Falcon Sensor's behavioral protection mechanism. Channel file updates are a normal part of Falcon Sensor's operation, and CrowdStrike pushes them several times a day in response to newly discovered tactics, techniques, and procedures. The channel file affected this time is number 291; its file name begins with "C-00000291-" and ends with the .sys extension. Channel file 291 is used to evaluate named pipe activity on Windows systems (named pipes are used for inter-process or inter-system communication on Windows). The update was intended to target newly observed malicious named pipes, but the configuration update introduced a logic error that caused the operating system to crash.
Remedial measures: the configuration error has been fixed, but the crashed hosts must be recovered one by one.
According to the technical blog on the official website, the configuration update that caused the Windows crashes was fixed at 05:27 UTC on July 19. The company stated that Linux and macOS hosts are not affected, and Windows hosts that came online after 05:27 UTC are also not affected. For affected hosts, the company provides different procedures for different situations:
1) First, restart the host, preferably on a wired network (rather than Wi-Fi), to give it a chance to download the corrected channel file.
2) If the system still crashes after restarting, boot Windows into Safe Mode or the Windows Recovery Environment, navigate to the CrowdStrike directory on the operating system volume, locate channel file 291 and delete it, then shut down and restart the host normally.
3) For hosts protected by BitLocker encryption, the recovery key is usually required to enter Safe Mode, so that system security is preserved.
In public cloud or virtualized environments, users can perform recovery in bulk through automated scripts. For physical servers and PCs, however, recovery requires manual input by IT administrators, so the recovery cycle will be longer. Overall, we conclude that some hosts can be restored quickly, while full recovery will take several days.
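Step 2) and step 3) above as a single administrator script, written here as an added example (it is not CrowdStrike's own tooling and not part of the report). It is meant to be run elevated from Safe Mode or a recovery environment that has PowerShell; the CrowdStrike directory path is taken as a parameter because the report only says "the CrowdStrike directory on the operating system volume", and the OS volume letter is also a parameter because it can differ from C: inside the recovery environment.

```powershell
# Added example: remove channel file 291 from the OS volume so the host can boot and
# fetch the corrected file. Not vendor code; confirm paths against CrowdStrike's guidance.
param(
    # Directory holding the channel files, relative to the OS volume root (assumed; from vendor guidance).
    [Parameter(Mandatory)] [string]$CrowdStrikeDir,
    # OS volume as seen from this environment. Check with `manage-bde -status` if unsure.
    [string]$OsVolume = 'C:',
    # 48-digit BitLocker recovery key; only needed when the OS volume is still locked.
    [string]$RecoveryPassword = '',
    # Report matching files without deleting anything.
    [switch]$DryRun
)

if ($RecoveryPassword) {
    # Step 3): unlock a BitLocker-protected OS volume before touching its file system.
    & manage-bde -unlock $OsVolume -RecoveryPassword $RecoveryPassword | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not unlock $OsVolume; check the recovery key." }
}

$dir = Join-Path $OsVolume $CrowdStrikeDir
if (-not (Test-Path -LiteralPath $dir)) { throw "CrowdStrike directory not found at $dir" }

# Step 2): match only channel file 291 by the naming convention given in the report
# (name starts with C-00000291- and ends with .sys). Wildcard matching is case-insensitive
# on Windows, and the filter leaves every other channel file untouched.
$channel291 = Get-ChildItem -LiteralPath $dir -File -Filter 'C-00000291-*.sys'
if (-not $channel291) {
    Write-Output "No channel file 291 present in $dir; nothing to do."
    return
}

foreach ($f in $channel291) {
    # Log the name and UTC timestamp so the removal can be audited afterwards.
    Write-Output ('Removing {0} (last modified {1:u})' -f $f.FullName, $f.LastWriteTimeUtc)
    if (-not $DryRun) { Remove-Item -LiteralPath $f.FullName -Force }
}
Write-Output 'Done. Shut down and restart the host normally; the sensor will download the corrected channel file.'
```

Run it first with -DryRun to confirm that only the 291 file is matched before deleting anything.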
Subsequent impact: CrowdStrike may face economic and reputational losses, and the endpoint security market landscape may also shift.
According to Microsoft's official website, approximately 8.5 million Windows hosts were affected, about 20% of the endpoints running CrowdStrike. By the usual terms of software contracts, a vendor is generally not required to compensate customers for direct economic losses. However, contracts generally include service level agreements (SLAs) that set requirements for service availability, response time, and resolution time; if CrowdStrike fails to meet them, it will need to compensate customers or issue SLA credits that offset future service fees. The company will also need to increase spending on public relations, brand, and remediation, and will bear the damage to its reputation and brand image. Outages of this kind are not unprecedented: AWS, Azure, Atlassian (April 2022), and Datadog (March 2023) have all had similar incidents. Given the far wider impact of this incident, however, we believe the resulting damage will also be more severe. The incident may lead existing and potential customers of CrowdStrike to reconsider their relationship with the company, and CrowdStrike's main competitors may benefit from it.
Risk factors:
- Rising crude oil prices risk pushing inflation in Europe and the United States further out of control;
- Risk of a rapid rise in US Treasury yields;
- Risk of continued tightening of regulatory policy toward technology giants;
- Risk that the global macroeconomic recovery falls short of expectations;
- Risk that macroeconomic fluctuations lead European and American companies to spend less on IT than expected;
- Risk that the evolution toward security platformization falls short of expectations;
- Risk that the global cloud computing market develops worse than expected;
- Risk of data leakage and information security incidents at cloud computing enterprises;
- Risk of continued intensification of industry competition.
Investment Strategy:
A faulty CrowdStrike configuration update caused 8.5 million Windows hosts to crash, seriously disrupting the operations of critical industries worldwide (airlines/airports, railways, broadcasters, hospitals, financial institutions, government agencies, etc.) and resulting in flight suspensions, cancelled or interrupted medical procedures, and broadcast outages. The faulty configuration has since been fixed, but full recovery will take several days. This incident may cause CrowdStrike some economic loss and, more seriously, reputational damage, and may lead existing and potential customers to reconsider their relationship with the company. CrowdStrike's main competitors may benefit from this.
CandyLake.com is an information publishing platform and only provides information storage services.
Disclaimer: the views in this article are the author's own, do not represent the position of CandyLake.com, and do not constitute advice; please treat them with caution.