Update July 22, 2024: CrowdStrike has added that it has "tested a new technique to accelerate impacted system remediation".
Update July 24, 2024: CrowdStrike has now explained in brief what went wrong.
Update August 7, 2024: CrowdStrike has published a final report.
This week, almost the entire enterprise and business sector running Windows PCs was hit by a buggy CrowdStrike Falcon sensor software update. The update caused BSODs (Blue Screens of Death) on affected systems with the error message "csagent.sys (PAGE_FAULT_IN_NONEPAGED_AREA)." CrowdStrike Falcon sensor SOAR (Security Orchestration, Automation and Response) is the firm's endpoint security solution, intended to prevent malware and various cyberattacks.
The official Microsoft 365 Status X handle also declared that it was aware of the global outage and that the bug was being tracked under ID WP821561 in the Microsoft 365 admin center. Realizing that recovering from such a massive outage was not going to be easy, the tech giant pointed towards its guidance about restoring business and enterprise systems to an earlier working point as a temporary workaround.
CrowdStrike also offered workarounds for the issue, which we covered in a dedicated piece. Following that, the company today published a new "Remediation and Guidance Hub" support page that explains, point by point, how to deal with the issue, so that IT and system admins can find everything they need in one place.
The page also contains a summary of the issue followed by a statement from the CEO. The issue is covered in detail across the following points:
- Technical Details
- Non-Impacted Hosts
- How do I Identify Impacted Hosts?
- How do I Identify Impacted Hosts via Advanced Event Search Query?
- How do I Identify Impacted Hosts via Dashboard?
- How do I Remediate Impacted Hosts?
- How do I Remediate Individual Hosts?
- How do I Recover Bitlocker Keys?
- How to Recover Cloud-Based Environment Resources
- Third Party Vendor Information
You can find the support page here on CrowdStrike's official website. Microsoft has also published its own guide to the issue, as well as a Recovery Tool.