On the morning of Friday, 19 July, a global outage of Microsoft systems began. Individual Windows users were affected, as were many companies. Airlines canceled flights, Sky News was unable to broadcast from the morning, and the Australian telecommunications operator Telstra also had problems.
Not all Windows computers were affected, however. After some time, it turned out that although the failure hit Windows systems, it was actually caused by an update to the Falcon Sensor antivirus. The source of the problem is not Microsoft, but the software's creator, CrowdStrike.
The problem is not caused by Microsoft software, but by CrowdStrike. This is a 'next generation' antivirus. We can observe this novelty all over the world
– explained Piotr Konieczny from the Niebezpiecznik.pl portal on TVN24.
Microsoft's outage was really a CrowdStrike outage. It was caused by an antivirus update
The Falcon Sensor antivirus update introduced code that does not work correctly. As a result, computers that use this tool restart while they are starting up, and this happens every time.
An update in this antivirus caused a so-called death loop on Windows systems today. They are restarted, but this restart ends with the same
– Konieczny explained.
Let's emphasize once again: it wasn't Microsoft's tool that failed, but CrowdStrike's. That's why the problem only affects people and companies that use this particular antivirus, not all Windows users. The scale of the failure shows that Falcon Sensor is quite a popular tool.
Companies that have opted for other cybersecurity software have not experienced any problems. Konieczny explained that Microsoft has had similar problems in the past, but this time the company founded by Bill Gates is not responsible.
How to Fix Computer with Falcon Sensor by CrowdStrike? Just Delete One File, But It's Not That Easy
In theory, the fix is quite simple: you just need to delete the system files matching the pattern C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys.
– The problem is that only system administrators can do this. And most people working on corporate computers do not have the appropriate permissions – Konieczny said. This, in turn, means that employees of companies whose computers have fallen into the “death loop” will have to go to the administrators so that they can manually remove the inappropriate files. This cannot be done remotely, because the computer does not start and there is no Internet connection to download a patch that could fix the problem.
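The manual fix described above, written as a script an administrator could run locally. This is an added example, not CrowdStrike's or Microsoft's own tooling; it assumes an elevated PowerShell session on a machine that has been started far enough to reach its disk, and the SystemDrive parameter is a hypothetical name for the letter under which the affected Windows volume is visible.

```powershell
# Added example: remove the files matching the pattern quoted in the article.
# Run with -WhatIf first to list what would be deleted without deleting it.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Assumption: letter of the affected Windows volume. It can differ from C:
    # when the disk is attached to another machine or a recovery environment.
    [string]$SystemDrive = 'C:'
)

$dir     = "$SystemDrive\Windows\System32\drivers\CrowdStrike"
$pattern = 'C-00000291*.sys'   # pattern given in the article

if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
    Write-Warning "No CrowdStrike driver directory at $dir; nothing to do."
    return
}

# -Force also returns hidden or system files; -File skips directories.
$files = @(Get-ChildItem -LiteralPath $dir -Filter $pattern -File -Force)
if ($files.Count -eq 0) {
    Write-Output "No files matching $pattern in $dir."
    return
}

foreach ($f in $files) {
    # Record name, timestamp and size before removal, for the incident ticket.
    Write-Output ('{0}  {1:u}  {2} bytes' -f $f.FullName, $f.LastWriteTimeUtc, $f.Length)

    # ShouldProcess honours -WhatIf and -Confirm, so nothing is deleted silently.
    if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete')) {
        Remove-Item -LiteralPath $f.FullName -Force
    }
}
```

Only files matching the article's pattern are touched; everything else in the CrowdStrike directory is left in place.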
It's a joke that CrowdStrike is the only company that has found a global solution to getting people into companies with their computers. Unfortunately, this downloading will probably take place this weekend, which means a lot of problems for employees of many different institutions
– said Konieczny.
Administrators will have a lot of work
– added the expert.
In his opinion, a return to normal should occur by the end of next week. However, many companies may resume operations sooner, even within a few hours, because their systems have been preventively shut down.
CrowdStrike CEO George Kurtz officially confirmed all of the above information. As he explained, the problem did not affect Mac and Linux systems. Kurtz emphasized that it was not a hacker attack. The problem was identified and isolated, and repairs were undertaken.