A bug in a CrowdStrike update for devices running Microsoft’s Windows operating system has caused problems worldwide. It is not a cyber attack but a technical failure, and it has caused problems for airports, airlines, some health systems, and even the organizers of the Paris Olympic Games, which take place in a week. In light of these problems, which have affected companies as well as individuals, the National Institute of Cybersecurity (Incibe) has issued a statement explaining what happened and offering advice on how to fix it.
This agency, which is part of the Ministry of Digital Transformation, has explained that problems have been observed in devices since Thursday night. The situation was caused by an update to a CrowdStrike cybersecurity component, which led to a failure in its interaction with Microsoft platforms.
These problems have caused a characteristic failure that generates a blue screen that blocks the system and prevents it from working correctly. This is what has become known as the Blue Screen of Death (BSOD). The company responsible for this software is already applying mitigation measures, according to Incibe, for the affected systems and clients, managing to restore several of these systems. Work is now underway on a new update to replace the problematic one and to prevent it from affecting new services.
What to do
In addition, Incibe has issued advice for users affected by this problem, summarized below:
- Perform an update to the CrowdStrike components that are causing the blue screen loops.
- It is recommended, in any case, not to run the CrowdStrike update until a verified solution is available.
- Incibe explains that this company's defective channel has been rolled back by the manufacturer, which is expected to limit its spread.
- Of the devices already affected, some will return to a normal working state; it is recommended that the new file, which does not cause problems, be chosen over the one that caused this situation.
- If the problem persists, Incibe suggests manual intervention:
  - Windows must be started in safe mode.
  - You must access the C:\Windows\System32\drivers\CrowdStrike directory in Explorer.
  - Search for the file “C-00000291*.sys” and delete it.
  - Start the system normally.
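The manual steps above can also be carried out from an elevated PowerShell prompt in safe mode. The script below is an added example, not part of the Incibe statement or any CrowdStrike tooling; the backup folder and the script name in the comments are assumptions, and keeping a copy of the file before deleting it goes beyond what the statement asks for.

```powershell
# Remove-ChannelFile.ps1 (hypothetical name): scripted form of the manual steps.
# Run with -WhatIf first to see what would be deleted without changing anything.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Directory and file pattern exactly as given in the Incibe steps.
    [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
    [string]$Pattern   = 'C-00000291*.sys',
    # Assumption: a folder outside the drivers directory to keep a copy for later review.
    [string]$BackupDir = 'C:\ChannelFile-Backup'
)

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Error "Directory not found: $DriverDir"
    return
}

# Collect only regular files that match the pattern; -Force includes hidden ones.
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No files matching $Pattern in $DriverDir; nothing to delete."
    return
}

# Show name, size, timestamp and hash of each match before touching it.
$targets |
    Select-Object Name, Length, LastWriteTimeUtc,
        @{ Name = 'SHA256'; Expression = {
            (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash } } |
    Format-List | Out-Host

foreach ($file in $targets) {
    # ShouldProcess honours -WhatIf and asks for confirmation per file.
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Back up and delete')) {
        New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
        Copy-Item -LiteralPath $file.FullName -Destination $BackupDir -Force
        Remove-Item -LiteralPath $file.FullName -Force
        Write-Output "Deleted $($file.FullName)"
    }
}

Write-Output 'Done. Restart Windows normally.'
```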
In any case, Incibe reminds critical entities and operators that it offers its support for the adoption of the necessary mitigation measures. If any company or person needs advice, the organization indicates that it has a cybersecurity help service from 8 a.m. to 11 p.m. through the telephone number 017 or through the WhatsApp (900116117) or Telegram (@INCIBE017) channels, as well as through a form. “A special attention protocol has been implemented with the corresponding information,” the statement concludes.
Source: www.eldiario.es