CrowdStrike issue

In this post we will look at the issue that affected us all. Read till the end. Unless you have been living under a rock you already know about it, but let's have a quick look at what actually happened.

On 19th July 2024, Windows computers around the world started crashing with a blue screen and did not recover on reboot. They were stuck in a BSOD (blue screen of death) loop. This outage disrupted airlines, businesses, hospitals and many other services.

Props to the CEO of CrowdStrike, who acknowledged the problem publicly on X (Twitter) and pointed people to the remediation steps. The clean-up is still in progress.

[Image: CrowdStrike CEO's tweet]

So what actually happened that day?

Let's dig in.

CrowdStrike is a company that sells endpoint security for Windows, Linux and macOS. Its product, the Falcon sensor, runs on Windows as a kernel-mode driver (it is not part of Windows; customers install it on their fleets). That day, Windows hosts running Falcon sensor version 7.11 and above received a content update that contained a logic error. The error crashed the sensor, and because the sensor runs inside the kernel, it took Windows down with it. These content updates arrive regularly, sometimes several times a day, so that the sensor keeps up with new threats.

The flawed update was delivered in what CrowdStrike calls a "Channel File", the format it uses to ship behavioural-detection content to the sensor. Channel File 291 controls how Falcon evaluates named pipe execution on Windows, and the update was meant to improve that detection. Instead, the faulty content in Channel File 291 crashed the Falcon sensor, which in turn crashed Windows.

Why did the same issue not hit Linux and Mac systems?

CrowdStrike protects Linux and Mac hosts as well as Windows, but the faulty Channel File 291 was only pushed to Windows hosts; the other platforms run different sensor builds and never received it. On macOS the sensor also runs as a user-space system extension rather than inside the kernel, which limits how much damage a bad update can do to the operating system itself.

When will everything be back to normal?

After identifying the issue, CrowdStrike reverted the faulty update in roughly 78 minutes (it went out at 04:09 UTC and was pulled by 05:27 UTC). But the hosts that had already downloaded it were stuck in a boot loop and could not fetch the fix on their own. Each one needs manual recovery by IT staff, and that takes time.

Large companies have hundreds or thousands of computers, normally managed centrally, but this fix is manual: boot each machine into Safe Mode or the Windows Recovery Environment, delete the Channel File 291 file (it matches C-00000291*.sys in C:\Windows\System32\drivers\CrowdStrike), and reboot. Machines protected by BitLocker need their recovery key before they can be booted into recovery at all, which slowed many rollouts further.
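As an added illustration of that manual step (this is example code written for this post, not CrowdStrike's own tooling), here is a small PowerShell triage script for a Safe Mode or WinRE command prompt. It assumes the standard sensor driver directory and CrowdStrike's timestamp guidance: a Channel File 291 stamped 2024-07-19 05:27 UTC or later is the reverted (good) version, and the 04:09 UTC one is the faulty version. It is a dry run unless you pass -Remove, and the drive letter is a parameter because in WinRE the Windows volume is often not C:.

```powershell
# Added example for this post, not CrowdStrike's own tool.
# Triage the Channel File 291 clean-up on one host. Run from Safe Mode or a
# WinRE command prompt, e.g.:  .\Clean-Channel291.ps1 -SystemDrive D: -Remove
param(
    # Assumption: the Windows volume; in WinRE it is frequently D: or E:.
    [string]$SystemDrive = "C:",
    # Dry run by default; pass -Remove to actually delete the faulty file.
    [switch]$Remove
)

$driverDir = Join-Path $SystemDrive "Windows\System32\drivers\CrowdStrike"

# Per CrowdStrike's guidance, the reverted file was published at
# 2024-07-19 05:27 UTC; a channel 291 file older than that is the faulty one.
$goodAfter = [datetime]::new(2024, 7, 19, 5, 27, 0, [System.DateTimeKind]::Utc)

if (-not (Test-Path -LiteralPath $driverDir)) {
    Write-Host "No CrowdStrike driver directory at $driverDir; is $SystemDrive the right volume?"
    exit 1
}

# Only files for channel 291 are of interest; leave every other channel file alone.
$channel291 = Get-ChildItem -Path $driverDir -Filter "C-00000291*.sys" -File
if (-not $channel291) {
    Write-Host "No Channel File 291 present in $driverDir; nothing to do."
    exit 0
}

foreach ($file in $channel291) {
    $stamp = $file.LastWriteTimeUtc
    if ($stamp -ge $goodAfter) {
        # Already the reverted version: deleting it would only cause a re-download.
        Write-Host "KEEP         $($file.Name) ($stamp UTC) - reverted version"
        continue
    }
    if ($Remove) {
        Remove-Item -LiteralPath $file.FullName -Force
        Write-Host "DELETED      $($file.Name) ($stamp UTC) - faulty version"
    } else {
        Write-Host "WOULD DELETE $($file.Name) ($stamp UTC) - faulty version; re-run with -Remove"
    }
}
```

The timestamp check is what makes the script safe to run twice: on a host that has already picked up the reverted file it reports KEEP and changes nothing, so it can be handed to helpdesk staff without them having to read file dates by hand. After a deletion the host is rebooted normally and the sensor downloads the current Channel File 291 on its own.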

Some companies managed to work through their fleet in days, but others with large, distributed or tightly locked-down estates are looking at weeks or more.

Uninvited guests

CrowdStrike reported that threat actors were taking advantage of the outage. They sent phishing emails, phoned victims while posing as CrowdStrike support staff who could "fix" the issue, and pushed fake recovery tools and scripts that either do further damage or give the attacker access to the victim's computer. Treat any unsolicited "hotfix" for this outage as malicious; the real remediation is the manual file deletion described above.

Link to CrowdStrike's blog post on these scams.

Conclusion:

What happened on 19th July 2024 was not a cyber-attack. It was a faulty content update from CrowdStrike, a company that provides endpoint security for Windows, Linux and Mac systems. The issue was specific to Microsoft Windows and was caused by a bad update to the Falcon sensor, a CrowdStrike product. Although it was not an attack, criminals still tried to make money out of it.
