CrowdStrike update caused BSOD on hospitals, banks, servers worldwide - Page 3

1356

Comments

  • MumblyMumbly Member
    edited July 2024

    @default said: And this was likely done automatically, because Windows does updates automatically.

    You don’t get it, honey, do you? It’s not a Windows update, it’s a CrowdStrike update.
    Oh, and the antivirus updates automatically? Well, isn’t that a surprise…

  • defaultdefault Veteran

    @dev_vps said:
    Handwritten boarding pass issued as system was down. Image taken from internet.

    It seems we can always return to pen and paper.

  • defaultdefault Veteran

    @Mumbly said:

    @default said: And this was likely done automatically, because Windows does updates automatically.

    Oh, the antivirus updates automatically? Well, isn’t that a surprise…

    Initially it was announced as a Windows problem, as in a Windows update. Now it turns out to be an update from CrowdStrike which affected Windows machines.

    You were right to blame the software.

  • Biggest IT down day ever?

  • LeviLevi Member

    Crowdstrike stocks plummeting this month. But overall they are doing fine.

  • SplitIceSplitIce Member, Host Rep
    edited July 2024

    Thanked by 5_MS_ default Void sh97 Chuck
  • LeviLevi Member

    @JerryHou said:
    Biggest IT down day ever?

    Y2K was bigger afaik.

  • jfreak53jfreak53 Member, Patron Provider

    Maybe after this blunder the world might learn they need to run critical on linux not windows 🤦🏻‍♂️

  • Just imagine if Cloudflare will go down how many websites will be dead.

    Thanked by 1sasslik
  • LeviLevi Member

    @COLBYLICIOUS said:
    Just imagine if Cloudflare will go down how many websites will be dead.

    And cf has good recipe for disaster - single homed domain. All their 400+ nameservers are *.cloudflare.com

    Thanked by 1t0m
  • edited July 2024

    @Levi said:

    @JerryHou said:
    Biggest IT down day ever?

    Y2K was bigger afaik.

    Were you alive for Y2K? Nothing happened.

    @COLBYLICIOUS said:
    Just imagine if Cloudflare will go down how many websites will be dead.

    Cloudflare could go away permanently and I wouldn't lose a rem of sleep.

    Thanked by 1kevinds
  • Blue screen of def.

    Thanked by 1Maounique
  • raindog308raindog308 Administrator, Veteran

    Yawn...yeah, been up since 3am working on this.

    @default said: Because they are idiots. They never heard of *BSD or Linux. Many people think that paying a license fee makes things easier and the problems magically go away.

    Tell me you have never worked in a large enterprise environment without telling me.

    Big orgs have thousands, maybe tens of thousands of interconnected applications. You don't always get to pick the platform.

    Every Fortune 1000 CIO has heard of Linux and every single one deploys a ton of Linux, other than maybe MSFT itself.

    When I was on the Linux Foundation advisory board in the early 2000s, it was filled with big household name company CIOs and they all were very eager to deploy Linux because it was commoditized and cheaper. They are not "idiots". They just work in the real world.

  • defaultdefault Veteran
    edited July 2024

    @COLBYLICIOUS said:
    Just imagine if Cloudflare will go down how many websites will be dead.

    That would be bad for the moment, but it might prove to be good for the future of a more decentralized web. In my humble opinion too much stuff is reliant on a single brand.

  • yoursunnyyoursunny Member, IPv6 Advocate

    @COLBYLICIOUS said:
    Just imagine if Cloudflare will go down how many websites will be dead.

    How to ask for a Cloudflare refund for a website on the free plan?

  • @yoursunny said:

    @COLBYLICIOUS said:
    Just imagine if Cloudflare will go down how many websites will be dead.

    How to ask for a Cloudflare refund for a website on the free plan?

    "I am losing millions of dollars/minute"

  • LeviLevi Member

    @boot said: Were you alive for Y2K? Nothing happened.

    I was in my late 50s at that moment. "Nothing happened"... It made it to the movies! And whole world (only murica tbh) spoke about it! That's huge.

  • defaultdefault Veteran

    @raindog308 said:
    Yawn...yeah, been up since 3am working on this.

    @default said: Because they are idiots. They never heard of *BSD or Linux. Many people think that paying a license fee makes things easier and the problems magically go away.

    Tell me you have never worked in a large enterprise environment without telling me.

    Big orgs have thousands, maybe tens of thousands of interconnected applications. You don't always get to pick the platform.

    Every Fortune 1000 CIO has heard of Linux and every single one deploys a ton of Linux, other than maybe MSFT itself.

    When I was on the Linux Foundation advisory board in the early 2000s, it was filled with big household name company CIOs and they all were very eager to deploy Linux because it was commoditized and cheaper. They are not "idiots". They just work in the real world.

    I made an assumption of Windows fault based on the information made public through media as a problem coming from a Windows update. I was wrong. I humbly take my words back in light of new information.

    To answer your challenge: No. I never worked in a large enterprise environment with thousands of applications.

    Thanked by 1Mumbly
  • MumblyMumbly Member

    @jfreak53 said:
    Maybe after this blunder the world might learn they need to run critical on linux not windows 🤦🏻‍♂️

    Really? If the people who say this only knew their Linux...

    Let me explain. This is not Windows' fault and could happen to any OS.
    A properly written AV recognition pattern would probably crash any OS as AV operates at the kernel level. Even in Linux, a poorly written kernel module can crash the system.

  • LeviLevi Member

    We need something from IBM…

  • None of our Windows Servers or client workstations were affected at my workplace.

    So this is definitely nothing to do with Windows Auto update.

  • Crowdstrike have managed to shave 11% off their share price before the NASDAQ has even opened for trading:
    https://www.nasdaq.com/market-activity/stocks/crwd

    Crowdstrike CEO is calling it a Content Update, whatever that is, I do not use Microsoft for anything I use.

    Thanked by 1jsg
  • MumblyMumbly Member

    Thanks!

    Throwaway account...
    CrowdStrike in this context is an NT kernel loadable module (a .sys file) which does syscall level interception and logs them to a separate process on the machine. It can also STOP syscalls from working if they are trying to connect out to other nodes and accessing files they shouldn't be (using some drunk ass heuristics).

    What happened here was they pushed a new kernel driver out to every client without authorization to fix an issue with slowness and latency that was in the previous Falcon sensor product. They have a staging system which is supposed to give clients control over this but they pissed over everyone's staging and rules and just pushed this to production.

    This has taken us out and we have 30 people currently doing recovery and DR. Most of our nodes are boot looping with blue screens which in the cloud is not something you can just hit F8 and remove the driver. We have to literally take each node down, attach the disk to a working node, delete the .sys file and bring it up. Either that or bring up a new node entirely from a snapshot.

    This is fine but EC2 is rammed with people doing this now so it's taking forever. Storage latency is through the roof.

    I fought for months to keep this shit out of production because of this reason. I am now busy but vindicated.

    Edit: to all the people moaning about windows, we've had no problems with Windows. This is not a windows issue. This is a third party security vendor shitting in the kernel.

  • DPDP Administrator, The Domain Guy
  • FAT32FAT32 Administrator, Deal Compiler Extraordinaire

    I have to explain to so many people it is NOT freaking Microsoft issues but Crowdstrike...

    Thanked by 1hecatae
  • MumblyMumbly Member

    @FAT32 said:
    I have to explain to so many people it is NOT freaking Microsoft issues but Crowdstrike...

    I have been doing this since the beginning of this thread... :P

    Thanked by 1FAT32
  • dev_vpsdev_vps Member
    edited July 2024

    @FAT32 said:
    I have to explain to so many people it is NOT freaking Microsoft issues but Crowdstrike...

    Absolutely.
    Not a Microsoft Windows issue.
    Here is my @host_c VPS running Windows Server 2022 OS

    -- it would have been much more than 38 days, but I had to restart when upgraded to 10TB storage

    Thanked by 2host_c hecatae
  • MaouniqueMaounique Host Rep, Veteran

    @raindog308 said: other than maybe MSFT itself.

    MS runs on Linux :P

    "Native Azure services are often running on Linux. Microsoft is building more of these services. For example, Azure's Software Defined Network (SDN) is based on Linux."

    Of course, that is not an official policy and there are still tons of services running on Windows, but you get the picture.

    Thanked by 3raindog308 tentor mrTom
  • VoidVoid Member

    Meanwhile Microsoft presale teams:

    Reasons why you should pick MDE for your EDR needs.

    1) Not Crowdstrike

    Thanked by 3hecatae host_c mrTom
This discussion has been closed.