Source: JND

Microsoft Windows services and other Microsoft 365 apps suffered a major setback on Friday after a CrowdStrike update disrupted computers worldwide and forced the Blue Screen of Death (BSOD) on Windows. Hours after the outage, CrowdStrike shared an explanation of what went wrong on its end to cause the disruption.

It all started with a sensor configuration update for Windows that was part of the ongoing protection mechanisms of the Falcon platform. The update triggered a logic error that led to a system crash and a blue screen on the affected devices. Users running "Falcon sensor for Windows version 7.11 or later" during the outage period (between 04:09 UTC and 05:27 UTC) may be affected by the change.

The configuration files (Channel Files) are part of the protection mechanism that the Falcon sensor uses to protect a system. They are updated several times a day. In the case of the outage, "the impacted Channel File is 291 and has a filename that starts with 'C-00000291-' and ends with a .sys extension," CrowdStrike noted. "Channel File 291 controls how Falcon evaluates named pipe execution on Windows systems."

Named pipes are used for interprocess and intersystem communication in Windows. The update was meant to target new malicious named pipes that could have been used by command-and-control (C2) servers in cyberattacks. Instead, the configuration update caused an error that resulted in a system crash. The contents of Channel File 291 have since been updated to fix the issue, and the Falcon sensor continues to protect against any abuse of named pipes.
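For administrators scoping exposure, the criteria CrowdStrike gave (Windows, sensor 7.11 or later, online between 04:09 and 05:27 UTC, Channel File 291 naming) can be applied to a host inventory. The sketch below is an added example, not CrowdStrike code. The inventory schema, host names, file names and the date are constructed; the article says only "Friday", so the date is a parameter.

```python
import re
from datetime import date, datetime, time, timezone

MIN_VERSION = (7, 11)                    # article: "version 7.11 or later"
WINDOW_UTC = (time(4, 9), time(5, 27))   # article: 04:09 to 05:27 UTC
CHANNEL_291 = re.compile(r"^C-00000291-.*\.sys$", re.IGNORECASE)

def parse_version(text):
    # Compare numerically: as plain strings, "7.9" would sort above "7.11".
    major, minor = text.split(".")[:2]
    return int(major), int(minor)

def channel_291_files(names):
    # Name match only: the corrected file keeps the same prefix and extension,
    # so the name alone does not tell the faulty contents from the fixed ones.
    return [n for n in names if CHANNEL_291.match(n)]

def possibly_affected(host, outage_date):
    start = datetime.combine(outage_date, WINDOW_UTC[0], tzinfo=timezone.utc)
    end = datetime.combine(outage_date, WINDOW_UTC[1], tzinfo=timezone.utc)
    online_from = datetime.fromisoformat(host["online_from"])
    online_to = datetime.fromisoformat(host["online_to"])
    # The host's online interval must overlap the update window.
    return (host["os"] == "Windows"
            and parse_version(host["sensor"]) >= MIN_VERSION
            and online_from <= end and online_to >= start)

def triage(inventory, outage_date):
    return [h["name"] for h in inventory if possibly_affected(h, outage_date)]

# Constructed sample data (hypothetical schema, placeholder date).
OUTAGE_DATE = date(2024, 1, 5)
D = "2024-01-05T"
INVENTORY = [
    {"name": "ws-01", "os": "Windows", "sensor": "7.11",
     "online_from": D + "03:00:00+00:00", "online_to": D + "04:30:00+00:00"},
    {"name": "ws-02", "os": "Windows", "sensor": "7.9",    # older than 7.11
     "online_from": D + "00:00:00+00:00", "online_to": D + "09:00:00+00:00"},
    {"name": "ws-03", "os": "Windows", "sensor": "7.15",   # came online after the window
     "online_from": D + "05:30:00+00:00", "online_to": D + "09:00:00+00:00"},
    {"name": "mac-01", "os": "macOS", "sensor": "7.15",    # not a Windows sensor
     "online_from": D + "00:00:00+00:00", "online_to": D + "09:00:00+00:00"},
]
SAMPLE_FILES = ["C-00000291-00000000-00000001.sys", "C-00000290-00000000-00000001.sys"]

if __name__ == "__main__":
    print("Possibly affected:", triage(INVENTORY, OUTAGE_DATE))
    print("Channel File 291 candidates:", channel_291_files(SAMPLE_FILES))
```

Hosts the triage flags are candidates for follow-up, matching the article's wording that such users "may be affected".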

The company has also undertaken a "root cause analysis" to determine how the flaw occurred. "We understand the gravity of the situation and are deeply sorry for the inconvenience and disruption. We are working with all impacted customers to ensure that systems are back up and they can deliver the services their customers are counting on," CrowdStrike said in a Newsroom post.
