Cybercrime center provides updates, recommended solution to Windows crash

The Philippines' Cybercrime Investigation and Coordinating Center (CICC) confirmed early Saturday morning that Friday's incident, in which Windows users worldwide faced severe disruptions, was caused by a faulty update to CrowdStrike's Falcon Sensor endpoint detection and response (EDR) software.

The update led to widespread "Blue Screen of Death" (BSOD) errors, leaving machines across various sectors stuck in repeated failed startup attempts.

CICC said this glitch affected essential industries, including airlines, banks, supermarkets, and media companies.

Major US airlines like American Airlines, Delta Airlines, and United Airlines halted flights due to communication breakdowns.

Similarly, businesses in Australia, India, and other countries reported significant operational disruptions. In the Philippines, several banks, airlines and a host of other businesses also reported service disruptions.

To remedy the situation, CICC issued the following recommendations:

a) For affected users, perform the following steps:

  • Boot Windows into Safe Mode or the Windows Recovery Environment.
  • Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
  • Locate the file matching “C-00000291*.sys”, and delete it.
  • Boot the host normally.

However, according to CrowdStrike, for those using virtual servers, the following steps must be taken:

  • Detach the operating system disk volume from the impacted virtual server.
  • Create a snapshot or backup of the disk volume before proceeding further as a precaution against unintended changes.
  • Attach/mount the volume to a new virtual server.
  • Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.
  • Locate the file matching “C-00000291*.sys”, and delete it.
  • Detach the volume from the new virtual server.
  • Reattach the fixed volume to the impacted virtual server.
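The two procedures above differ only in where the Windows volume is reached from: the host's own C: drive in Safe Mode, or a volume from the impacted server mounted under another drive letter on a recovery VM. The following PowerShell script is an added example, not CICC's or CrowdStrike's own tooling; it carries out the file deletion for either case, logs the name and modification time of each matching file before removing it, and supports -WhatIf so the action can be previewed. The -Root parameter and the assumption that Windows is installed at <Root>\Windows are this example's own.

```powershell
<#
Added example (not CICC's or CrowdStrike's own tooling): removes the faulty
Falcon Sensor channel file(s) C-00000291*.sys from a Windows volume.
Run from Safe Mode on the affected host (default root C:) or against a
volume from an impacted virtual server mounted on a recovery VM
(e.g. -Root 'E:'). Use -WhatIf to preview before deleting.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Root of the Windows volume to repair.
    # Assumption: Windows lives in <Root>\Windows on that volume.
    [string]$Root = 'C:'
)

$driverDir = Join-Path $Root 'Windows\System32\drivers\CrowdStrike'
if (-not (Test-Path -LiteralPath $driverDir)) {
    throw "CrowdStrike driver directory not found at $driverDir (wrong volume, or sensor not installed)"
}

# Only channel file 291 was at fault; every other file in the directory is left alone.
$candidates = Get-ChildItem -LiteralPath $driverDir -Filter 'C-00000291*.sys' -File

if (-not $candidates) {
    Write-Host "No C-00000291*.sys file present in $driverDir; nothing to do."
    return
}

foreach ($file in $candidates) {
    # Record name, size and UTC modification time so the deletion is auditable.
    Write-Host ("Found {0}  size={1}  mtimeUtc={2:u}" -f $file.Name, $file.Length, $file.LastWriteTimeUtc)
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete faulty channel file')) {
        Remove-Item -LiteralPath $file.FullName -Force
        Write-Host "Deleted $($file.FullName)"
    }
}
```

Two practical caveats: Safe Mode and the Windows Recovery Environment will prompt for the BitLocker recovery key on an encrypted system drive, so have the keys for affected machines (and the credentials needed to retrieve them) at hand before starting; and where the Recovery Environment offers only a command prompt rather than PowerShell, the equivalent single command is `del C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys`.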

b) To mitigate the risk of further complications, affected devices should be disconnected from the main network immediately.

c) Furthermore, users are strongly advised against forcing their laptops to shut down, hibernate, or restart, as these actions could result in irreversible data loss.

d) On the other hand, according to CrowdStrike, Windows hosts that have not been impacted do not require any action, as the problematic channel file has been reverted.

CrowdStrike has deployed a new content update that resolves the previously erroneous update and subsequent host issues. As devices receive this update, they may need to reboot for the changes to take effect and for the BSOD issues to be resolved.

Taking these actions is critical to prevent the situation from worsening and to ensure the affected devices can be safely restored.

Tuesday, 5 November 2024
© 2024 InsiderPH, All Rights Reserved.