Blue Screen of Death (BSoD), a.k.a. Blue Screen Error, Blue Screen, Deadly Error, or Bugcheck
It was supposed to be a busy Friday for most employees, but a glitch, or an update if you prefer to call it that, turned it into an unexpectedly fun Friday. Organizations globally, including airports, banks, media outlets, and hospitals, came to a halt because of a Blue Screen of Death (BSoD). This BSoD probably happened because CrowdStrike's security software "Falcon Sensor" was being updated.
What is the Blue Screen of Death (BSoD), blue screen error, blue screen, deadly error, or bugcheck?
The blue screen of death is officially known as a stop error. It is a critical error screen shown by the Microsoft Windows and ReactOS operating systems.
It signifies there has been a system crash, which means the operating system has reached a point where it can't work safely anymore.
YOU CAN RUN INTO A PROBLEM IF YOUR COMPANY DOES NOT HAVE SECURITY TOOLS IN PLACE
and then nobody can restart your organization!
What happened?
Companies are having trouble with their systems, particularly those that are running Microsoft Windows. Affected systems display a “blue screen of death” suggesting Windows cannot load.
Microsoft blamed a CrowdStrike software update that was faulty. Falcon software from CrowdStrike prevents cyber threats using a package of cloud-delivered products for specific devices.
After receiving numerous reports that Windows hosts were experiencing the same Blue Screen of Death (BSoD), CrowdStrike initiated an investigation and published an advisory. Also, CrowdStrike's CEO, George Kurtz, posted on social media platforms LinkedIn and Twitter that the companies had been impacted by a 'defect found in a single content update for Windows hosts.'
“Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed,” - George Kurtz, President & CEO of CrowdStrike
The Impact of CrowdStrike's Falcon Sensor
As a temporary solution to this BSoD, users can boot their machines into Safe Mode and remove a specific CrowdStrike component. Let's look at how:
Workaround Steps for individual hosts
Note: BitLocker-encrypted hosts may require a recovery key.
Workaround Steps for public cloud or similar environment including virtual
Option 1:
Option 2:
Roll back to a snapshot before 0409 UTC.
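The cutoff above is given in UTC, while cloud consoles and inventory exports often show snapshot times with a local offset. The following added example (not CrowdStrike's or any cloud provider's code) picks, per VM, the newest snapshot strictly before 04:09 UTC and lists the VMs that have none. The snapshot tuples, VM names, and the date are constructed sample data; the incident date is an input you supply.

```python
from datetime import date, datetime, time, timezone

# 04:09 UTC is the cutoff stated in the workaround; the date comes from the operator.
CUTOFF_TIME_UTC = time(4, 9, tzinfo=timezone.utc)

def cutoff_for(incident_date):
    """Build the timezone-aware cutoff for the given incident date."""
    return datetime.combine(incident_date, CUTOFF_TIME_UTC)

def parse_ts(text):
    """Parse an ISO 8601 timestamp and normalise it to UTC.
    Timestamps without an offset are rejected rather than guessed."""
    ts = datetime.fromisoformat(text.replace("Z", "+00:00"))
    if ts.tzinfo is None:
        raise ValueError(f"timestamp without UTC offset: {text!r}")
    return ts.astimezone(timezone.utc)

def pick_rollback_targets(snapshots, cutoff):
    """snapshots: iterable of (vm, snapshot_id, created_iso).
    Returns ({vm: snapshot_id}, [VMs with no snapshot before the cutoff])."""
    best, vms = {}, set()
    for vm, snap_id, created in snapshots:
        vms.add(vm)
        ts = parse_ts(created)
        if ts >= cutoff:
            continue  # taken at or after the cutoff: not a safe rollback point
        if vm not in best or ts > best[vm][0]:
            best[vm] = (ts, snap_id)
    targets = {vm: snap_id for vm, (_, snap_id) in best.items()}
    return targets, sorted(vms - set(targets))

# Constructed sample inventory (hypothetical VM and snapshot names, made-up date).
SAMPLE_DATE = date(2030, 1, 4)
SAMPLE = [
    ("web-01", "snap-a", "2030-01-03T22:00:00+00:00"),
    ("web-01", "snap-b", "2030-01-04T09:30:00+05:30"),  # 04:00 UTC: eligible
    ("web-01", "snap-c", "2030-01-04T04:09:00+00:00"),  # exactly the cutoff: excluded
    ("db-01", "snap-d", "2030-01-03T23:30:00-05:00"),   # 04:30 UTC next day: excluded
    ("db-01", "snap-e", "2030-01-04T06:00:00+02:00"),   # 04:00 UTC: eligible
    ("app-01", "snap-f", "2030-01-04T05:00:00Z"),       # after the cutoff
]

if __name__ == "__main__":
    targets, manual = pick_rollback_targets(SAMPLE, cutoff_for(SAMPLE_DATE))
    print("roll back:", targets)
    print("no snapshot before cutoff, use another workaround:", manual)
```

VMs in the second list have no usable snapshot and need one of the other workarounds.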
Workaround Steps for Azure via serial
1. Log in to the Azure console - Go to Virtual Machines -> Select the VM
2. Upper left on console -> Click "Connect" -> Click "Connect" -> Click "More ways to Connect" -> Click "Serial Console"
3. Once SAC has loaded, type in 'cmd' and press enter.
a. type in 'cmd' command
b. type in: ch -si 1
4. Press any key (space bar). Enter Administrator credentials
5. Type the following:
a. bcdedit /set {current} safeboot minimal
b. bcdedit /set {current} safeboot network
6. Restart VM
7. Optional: How to confirm the boot state? Run command: wmic COMPUTERSYSTEM GET BootupState
Also, users are advised to check the latest updates from CrowdStrike’s portal.
The current global IT slowdown is caused by CrowdStrike, not Microsoft. - Kevin Beaumont, a reputable cybersecurity expert
The disruption caused by CrowdStrike has resulted in a significant number of psychological problems.
Many cyber attacks are opportunistic and hackers benefit from picking the right time to strike. Currently, one of those chances has come up.
As we all try to figure out the solution on our own, so will our employees. This will open the door for attackers who will send "workaround steps" in the form of phishing emails or messages, which can lead to malware or a data breach.
We recommend that you: