Major disruptions on CrowdStrike’s Falcon platform have recently been reported, causing significant productivity impacts due to inaccessible documents. The CrowdStrike Falcon update has led to a “blue screen of death” globally, severely impacting business operations that depend on this technology. This issue requires immediate attention to mitigate potential system failures.

These disruptions highlight our dependency on key software and the critical nature of business continuity planning. Employees facing these issues are unable to perform essential tasks, emphasizing the need for robust, multi-layered security and continuity strategies. Events like this stress the importance of keeping business continuity high on the agenda.

CrowdStrike-Specific Workaround

CrowdStrike customers affected by the “blue screen of death” issue should follow the vendor’s recommended workaround:

  • Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then:
    • Boot Windows into Safe Mode or the Windows Recovery Environment
      • NOTE: Putting the host on a wired network (as opposed to WiFi) and using Safe Mode with Networking can help remediation.
    • Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory
    • Locate the file matching “C-00000291*.sys”, and delete it.
    • Boot the host normally.
      • Note: BitLocker-encrypted hosts may require a recovery key.

For detailed guidance, refer to CrowdStrike’s advisory.
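
The file-removal step above as a PowerShell function, added here as an example (it is not CrowdStrike's or Check Point's code). It assumes the host is already booted into Safe Mode with an administrator PowerShell session; the function name Remove-FalconChannelFile is hypothetical, while the directory and file pattern are the ones given in the steps.

```powershell
# Added example: locate and delete the channel file named in the workaround.
# Assumption: run from an administrator PowerShell session in Safe Mode.
function Remove-FalconChannelFile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Directory and pattern are taken from the workaround steps.
        [string]$Directory = (Join-Path $env:WINDIR 'System32\drivers\CrowdStrike'),
        [string]$Pattern   = 'C-00000291*.sys'
    )

    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
        Write-Warning "Directory not found: $Directory"
        return
    }

    # -Filter limits the match to the one channel-file pattern, so no other
    # file in the driver directory is touched.
    $files = @(Get-ChildItem -LiteralPath $Directory -Filter $Pattern -File -Force)
    if ($files.Count -eq 0) {
        Write-Warning "No file matching $Pattern in $Directory; nothing to delete."
        return
    }

    foreach ($file in $files) {
        $removed = $false
        # Honors -WhatIf and -Confirm, so a dry run never deletes anything.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete channel file')) {
            try {
                Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
                $removed = $true
            } catch {
                Write-Warning "Could not delete $($file.FullName): $($_.Exception.Message)"
            }
        }
        # One record per matching file, for the remediation log.
        [pscustomobject]@{
            Path          = $file.FullName
            LastWriteTime = $file.LastWriteTime
            Length        = $file.Length
            Removed       = $removed
        }
    }
}

# Dry run first: shows what would be deleted without changing the host.
Remove-FalconChannelFile -WhatIf
# Then delete; -Confirm:$false skips the per-file prompt.
# Remove-FalconChannelFile -Confirm:$false
```

After the real run reports Removed as True, boot the host normally as in the final step of the workaround.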

For our Quantum Security Gateway customers, we recommend adhering to best practices as mitigation for potential gaps in your security during the disruption. Specifically, make sure the Threat Prevention and SandBlast software blades are enabled and set to Prevent.

At Check Point Software, we are here to assist affected enterprises in multiple ways beyond the immediate workaround. Our support extends not just on a product level, but also through comprehensive reviews of your architecture and zero-trust security workshops. The Check Point Infinity Platform can help ensure robust security and business continuity beyond endpoints. We aim to provide substantial value in the context of your enterprise’s needs, helping you navigate these disruptions effectively and enhance your overall cyber security posture. Our commitment is to work directly with enterprises, ensuring that your investment in security yields the best possible protection and continuity. We hope this global disruption is resolved soon, and we are ready to support you in any way we can.

For continuous updates and detailed insights into cyber security best practices, follow Check Point’s blog and stay informed about the latest developments in cyber security defense strategies.

 
