There seems to be an outage affecting anyone running CrowdStrike Falcon on their servers/computers. It just gives a bluescreen after this faulty update. Apparently, there are a lot of people running this, as it even took down a bunch of banks and airlines. It just seems crazy that an antivirus has the capability of doing this. Fortunately, only Microsoft products are affected, but that’s like the majority of what businesses use. Take those airport kiosks, billboards, ticketing systems, etc.: I see most of them running Windows.
Fortunately, I don’t have to deal with this, otherwise my weekend would be ruined. I just feel bad for the others. The only time I had an outage like this was when my only domain controller was offline due to a bad restart. It got stuck in DSRM (Directory Services Restore Mode) and I had to spend a few hours to get it back up and running. When you have DNS pointing to this and it’s your only DC to authenticate users, it can be pretty bad.
Luckily, CrowdStrike provided a resolution, but it does require the user to boot into safe mode and remove the faulty file. For actual cloud VMs, you need to mount the OS disk volume to a working virtual server and remove the file that way.
https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/
This is just another reminder for me to be careful and test when you do updates. Or just use Linux for everything. Can’t get a BSOD from an antivirus if your OS doesn’t have one.

Also, this scene from Space Force sums it up nicely. Although it’s not Microsoft’s fault, I bet the sysadmins dealing with this issue are feeling this right now.