CrowdStrike crashing computers worldwide

This is why I have our Autopatch updates staggered in Intune. Quality updates hit our IT department first prior to rolling out to the bulk of the organization, and then leadership is last (mostly because they whine like children if they are forced to reboot).

Unless there's a Zero Day exploit that needs to be patched. Then **** everyone's feelings, you're updating and rebooting.

Fortunately we aren't using any 3rd party auth services, so no Crowdstrike for us.

Central US Azure issues caused a couple minor issues for us, but all in all I had a chill Friday. I'm sure I won't be so lucky at some point but I'm going to enjoy this one.

This is an important point. It's not a great practice to set your mission critical systems to autoupdate en masse, especially for third party software that has drivers running in kernel space. Yes, it's CrowdStrike's fault, but you have to assume there will be occasional bugs and roll out updates cautiously.
 
  • Like
Reactions: like-woahh
Took me over 20 minutes on the phone with IT this morning to sort this out before anybody else woke up so I could avoid overnighting my laptop across the country to the office. All so I could run a one-line statement in the command prompt.

Took me 72 minutes with my IT. I have a 7-letter account ID needed to find my account. I must have read it to her 7 times (using NATO phonetics), and she screwed it up 7 times. That was honestly the most difficult part.

DEI. smdh.

Kidding. Unless you think DEI also means offshoring IT support to Bangladesh/Mumbai/Manila
 
This is an important point. It's not a great practice to set your mission critical systems to autoupdate en masse, especially for third party software that has drivers running in kernel space. Yes, it's CrowdStrike's fault, but you have to assume there will be occasional bugs and roll out updates cautiously.

No company should ever run updates en masse to a bunch of prod servers. Hell, we even patch sandbox environments with Windows before going live. I've seen enough .NET errors after patching to know better.

It's definitely an indictment of the patch practices of the affected parties, but holy hell, how did such a backbreaking update get through Crowdstrike's testing? It's not like this took down an obscure iteration of Windows; it seems like it was universally destructive.

Not necessarily in this case. From what I understand this wasn't a full application update and more of a... virus definition update. These updates for Falcon bypass official policies and can access the kernel of the Windows OS, which is why it was so devastating. Presumably these updates went via a Crowdstrike agent installed on the machines. We use Intune, for example, so a patch or update for the application itself would need to be pushed via Intune, but they would be able to bypass Intune completely by pushing a definition update directly through the agent installed on the device. This really isn't unheard of, but to push code updates to the kernel level without them being verified is absolute madness.

Windows has a process of vetting any and all code running at the kernel level, but Crowdstrike also bypassed this, presumably to save time pushing these definition updates. So they might have had a driver with a valid cert; the code in the driver could be changed, which wouldn't affect the validity of the cert on the outside.

This fella explains it very well:



Crowdstrike is already denying some of the above, but most people in the know think they're completely full of shit.
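Two points in this thread are worth seeing side by side: the staggered Autopatch rings described near the top (IT first, then the bulk of the organisation, then leadership, with a halt if a ring breaks), and the post above explaining that a definition update fetched by the vendor's agent bypasses the management tool's rings entirely. The following is an added example written for this page, not code from the thread, from CrowdStrike or from Microsoft; it is a small Python model of both channels with a constructed fleet, constructed ring sizes and constructed update outcomes, and it shows how far a bad update travels in each case.

```python
"""Ring-based rollout with a health gate, next to an ungated content push.

Added example, not code from the thread or from CrowdStrike/Microsoft. It
models two things the thread describes: staggering an application update
through rings (IT first, then the bulk of the organisation, then leadership)
and halting when a ring fails, versus a definition/content update that the
vendor's agent fetches directly, bypassing the management tool's rings.
Every device name, ring size and failure outcome below is constructed.
"""
from dataclasses import dataclass, field
from typing import Callable, List, Optional


@dataclass
class Device:
    name: str
    ring: str


@dataclass
class RolloutResult:
    applied: List[str] = field(default_factory=list)   # devices the update reached
    failures: List[str] = field(default_factory=list)  # devices that did not come back
    halted_at: Optional[str] = None                    # ring where the gate tripped


# An "apply" callback returns True if the device is healthy after the update.
# Constructed outcomes: one update that works, one that takes down every host.
def good_update(device: Device) -> bool:
    return True


def bad_update(device: Device) -> bool:
    return False


def ring_rollout(devices: List[Device], ring_order: List[str],
                 apply: Callable[[Device], bool],
                 max_failure_rate: float = 0.1) -> RolloutResult:
    """Push the update one ring at a time; refuse to start the next ring when
    the failure rate in the ring just finished exceeds max_failure_rate."""
    result = RolloutResult()
    for ring in ring_order:
        members = [d for d in devices if d.ring == ring]
        failed_here = 0
        for device in members:
            result.applied.append(device.name)
            if not apply(device):
                failed_here += 1
                result.failures.append(device.name)
        if members and failed_here / len(members) > max_failure_rate:
            result.halted_at = ring
            break  # blast radius stops at this ring
    return result


def content_push(devices: List[Device],
                 apply: Callable[[Device], bool]) -> RolloutResult:
    """A definition update pulled by the agent itself: no rings, no gate,
    every enrolled device receives it at once."""
    result = RolloutResult()
    for device in devices:
        result.applied.append(device.name)
        if not apply(device):
            result.failures.append(device.name)
    return result


RING_ORDER = ["it", "broad", "leadership"]


def build_fleet() -> List[Device]:
    """Constructed fleet: 5 IT machines, 40 general users, 5 leadership."""
    fleet = [Device(f"it-{i:02d}", "it") for i in range(5)]
    fleet += [Device(f"user-{i:03d}", "broad") for i in range(40)]
    fleet += [Device(f"exec-{i:02d}", "leadership") for i in range(5)]
    return fleet


def compare(update: Callable[[Device], bool]):
    """Run the same update through both channels and return (staged, direct)."""
    fleet = build_fleet()
    return ring_rollout(fleet, RING_ORDER, update), content_push(fleet, update)


if __name__ == "__main__":
    staged, direct = compare(bad_update)
    print(f"staged rollout: {len(staged.applied)} devices touched, "
          f"{len(staged.failures)} down, halted at ring {staged.halted_at!r}")
    print(f"direct content push: {len(direct.applied)} devices touched, "
          f"{len(direct.failures)} down, no gate")
```

With the constructed bad update, the ring rollout stops after the five IT machines and never reaches the other forty-five, while the agent-delivered content push takes down all fifty. The gate is only as good as the channel it sits on: any update path that the agent fetches on its own, outside the rings, needs its own staging control from the vendor or it inherits none of this protection.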