Earlier today there was a global security incident that may have affected some of your Windows systems running the CrowdStrike Falcon Sensor, an endpoint protection agent.
This incident has caused widespread outages for many organizations around the world, and we want to assure you that we are here to help you resolve any issues and minimize any disruptions to your business operations.
What happened and who is affected?
Early this morning, CrowdStrike deployed a content update to its Falcon Sensor agents, which triggered a system-level error that prevented Windows operating systems from booting properly. This resulted in a “Blue Screen of Death” or BSOD error on many Windows systems across various sectors, including banking, healthcare, government, and critical infrastructure.
This incident only affects Windows systems (Windows 10, Windows 11, Windows Server, etc.) with the CrowdStrike Falcon Sensor agent installed. It does not affect any other operating systems or endpoint protection software.
As a service provider to our global clients, we began receiving system alerts from managed services clients at approximately 01:20 AM EST, and our support team immediately began troubleshooting operations. Since then, we have been working tirelessly to help those affected recover from this outage. Our systems and support operations were not affected by this incident because we use the Palo Alto Cortex XDR agent for endpoint protection, which is not impacted by this issue.
What is the solution and what can you do?
CrowdStrike has identified the root cause of the issue and has reversed the content update that caused it. They have also provided steps to work around the problem for systems that have already been affected. You can find more details in their official statement.
If you have any systems that are running CrowdStrike and have experienced this outage, please contact us and we will assist you with the recovery process. Our support teams are available 24×7 and are ready to help you restore your systems as quickly as possible.
We also want to reassure you that this incident is not the result of a cyber attack, but rather a configuration issue on CrowdStrike’s side. There is no evidence of any data breach or compromise, and the outage does not affect the security of your systems or data.
However, you may need to assess the impact of this incident on your availability and compliance requirements and report it accordingly to the relevant authorities.
How can we help you prevent future incidents?
At CBTS, we are committed to providing you with the best solutions and services for your security and IT needs. If you are interested in exploring alternative options to CrowdStrike, please review our Managed XDR Service, which uses the Palo Alto Cortex XDR agent for endpoint protection. This service provides you with comprehensive and proactive threat detection, prevention, response, and remediation across your network, endpoints, and cloud environments.
We also recommend that you implement a mature patching program that includes testing and validating patches, along with a rollback plan, before deploying them to your entire organization. This will help you avoid potential issues and ensure the stability and performance of your systems. We can help you with this as well, with our Managed Patching as a Service Solution, which automates and simplifies the patching process for you.
Please do not hesitate to reach out to us if you have any questions or concerns, or if you need any assistance with your systems. We are always here to support you and help you achieve your business goals.
Ryan Hamrick, Manager – Security Consulting Services