07-19-2024, 11:38 AM
|
#61
|
|
Franchise Player
Join Date: Mar 2015
Location: Pickle Jar Lake
|
Quote:
Originally Posted by nfotiu
How did an update like this hit every server worldwide at the same time?
|
If this is true, it's the usual foe. Incompetence.
Quote:
|
What happened here was they pushed a new kernel driver out to every client without authorization to fix an issue with slowness and latency that was in the previous Falcon sensor product. They have a staging system which is supposed to give clients control over this but they pissed over everyone's staging and rules and just pushed this to production.
|
https://news.ycombinator.com/item?id=41003390
|
|
|
|
The Following User Says Thank You to Fuzz For This Useful Post:
|
|
|
07-19-2024, 11:43 AM
|
#62
|
|
Franchise Player
Join Date: Jul 2010
Location: Apartment 5A
|
How very Rogers of them
|
|
|
|
|
The Following User Says Thank You to KelVarnsen For This Useful Post:
|
|
|
07-19-2024, 11:44 AM
|
#63
|
|
UnModerator
Join Date: Dec 2004
Location: North Vancouver, British Columbia.
|
That's a whoopsie-oopsie.
__________________
THANK MR DEMKOCPHL Ottawa Vancouver
|
|
|
|
The Following 4 Users Say Thank You to Reggie Dunlop For This Useful Post:
|
|
|
07-19-2024, 12:05 PM
|
#65
|
|
#1 Goaltender
|
Quote:
Originally Posted by Fuzz
|
"Who needs change mangement and processes when I want to go on vacation early? Just push it no one will notice"
CIO will likely be forced to resign, in the end processes and security measures are built from the top down.
|
|
|
|
|
07-19-2024, 12:12 PM
|
#66
|
|
Franchise Player
Join Date: Mar 2015
Location: Pickle Jar Lake
|
Quote:
Originally Posted by Firebot
"Who needs change mangement and processes when I want to go on vacation early? Just push it no one will notice"
CIO will likely be forced to resign, in the end processes and security measures are built from the top down.
|
The CEO won't be racing his car today, that's for sure.
https://www.theautopian.com/think-yo...-this-weekend/
|
|
|
|
|
07-19-2024, 12:18 PM
|
#67
|
|
Franchise Player
|
Quote:
Originally Posted by Fuzz
|
What a dumb article lol. CEO has hobby and he isn't doing it today. Ok?
__________________
Quote:
Originally Posted by MisterJoji
Johnny eats garbage and isn’t 100% committed.
|
|
|
|
|
|
The Following User Says Thank You to nik- For This Useful Post:
|
|
|
07-19-2024, 12:19 PM
|
#68
|
|
Franchise Player
Join Date: Mar 2015
Location: Pickle Jar Lake
|
Quote:
Originally Posted by nik-
What a dumb article lol. CEO has hobby and he isn't doing it today. Ok?
|
It's a car site, they need to leverage the connection to a massive news story somehow. Doin' it for the clicks!
|
|
|
|
|
07-19-2024, 12:20 PM
|
#69
|
|
Franchise Player
Join Date: Oct 2006
Location: San Fernando Valley
|
LOL I take the afternoon off today to do estate stuff getting checks to pay charities, beneficiaries, etc and of course I walk into TD bank and they are down. Oh well it's a nice afternoon to go do something else I guess.
|
|
|
|
|
07-19-2024, 12:28 PM
|
#70
|
|
Franchise Player
|
Quote:
Originally Posted by nfotiu
How did an update like this hit every server worldwide at the same time?
|
I'm guessing some genius decided his code change was good and pushed it direct to prod
|
|
|
|
|
07-19-2024, 02:39 PM
|
#71
|
|
#1 Goaltender
|
It's absolutely mind boggling just how massive of an disaster this is. This will take some enterprises weeks to figure out and fix in some instances and in some cases may not be possible. You can't send updates to a PC that is in a BSOD loop and you cannot do the workaround fix if it cannot get in safe mode (Bitlocker).
This is like the ultimate cybersecurity incident. You can bet companies around the world will be reviewing their BCP and disaster recovery plans on Monday.
|
|
|
|
|
07-19-2024, 02:54 PM
|
#72
|
|
Franchise Player
Join Date: Apr 2008
Location: Calgary
|
Our POS provider just supplied another update, they figure another 5-6 hours to really get things back to normal. Despite the fixes supplied by Crowdstrike and Microsoft there is a lot of additional troubleshooting and remediation required.
|
|
|
|
|
07-19-2024, 02:54 PM
|
#73
|
|
Franchise Player
Join Date: Mar 2015
Location: Pickle Jar Lake
|
I don't think there are any systems that can't be fixed, it is just a pain. Even the bitlocker ones can be done without the bitlocker key by using bcdedit.
Quote:
- Cycle through BSODs until you get the recovery screen.
- Navigate to Troubleshoot > Advanced Options > Startup Settings
- Press Restart
- Skip the first Bitlocker recovery key prompt by pressing Esc
- Skip the second Bitlocker recovery key prompt by selecting Skip This Drive in the bottom right
- Navigate to Troubleshoot > Advanced Options > Command Prompt
- Type bcdedit /set {default} safeboot minimal. then press enter.
- Go back to the WinRE main menu and select Continue.
- It may cycle 2-3 times.
- If you booted into safe mode, log in per normal.
- Open Windows Explorer, navigate to C:\Windows\System32\drivers\Crowdstrike
- Delete the offending file (STARTS with C-00000291*. sys file extension)
- Open command prompt (as administrator)
- Type bcdedit /deletevalue {default} safeboot, then press enter. 5. Restart as normal, confirm normal behavior.
|
https://old.reddit.com/r/crowdstrike...strike_update/
But questions will be asked(yelled).
|
|
|
|
|
07-19-2024, 03:27 PM
|
#74
|
|
#1 Goaltender
|
Quote:
Originally Posted by Fuzz
I don't think there are any systems that can't be fixed, it is just a pain. Even the bitlocker ones can be done without the bitlocker key by using bcdedit.
|
Yes sure, but do this 5000 times physically on each device at a larger size company on a Friday where most people are working from home and staff are on vacation and have branch offices across the country with outsourced IT 
|
|
|
|
|
07-19-2024, 03:30 PM
|
#75
|
|
Franchise Player
Join Date: Mar 2015
Location: Pickle Jar Lake
|
Oh, it's absolutely a disaster, I just don't think it's an unsolvable data loss event. I do think some people will be reconsidering where their bitlocker keys get stored, though.
|
|
|
|
|
The Following User Says Thank You to Fuzz For This Useful Post:
|
|
|
07-19-2024, 03:33 PM
|
#76
|
|
Franchise Player
|
Quote:
Originally Posted by activeStick
I'm guessing some genius decided his code change was good and pushed it direct to prod
|
#### it, hit enter and leave early for the weekend!
|
|
|
|
|
07-19-2024, 05:12 PM
|
#77
|
|
Franchise Player
Join Date: Aug 2005
Location: Memento Mori
|
Quote:
Originally Posted by Azure
|
Absolutely ####ing hilarious.
__________________
If you don't pass this sig to ten of your friends, you will become an Oilers fan.
|
|
|
|
|
07-19-2024, 09:14 PM
|
#78
|
|
#1 Goaltender
|
A friend's company got hit by this here in town. 500+ systems. Their team started fixing around 7am and finished up around 6pm. He said it was mind numbing work, entering BL keys for approx 11 hours. Happy to have it all sorted, but I'm sure there's a seething, underlying rage for CrowdStrike within their team.
|
|
|
|
|
07-20-2024, 08:34 AM
|
#80
|
|
Had an idea!
|
Protect yourself from ransomware by installing Crowdstrike!
Except when Crowdstrike decides they have no clue what they're doing and BSODs your entire IT infrastructure just because they can!
Reading the posts on Reddit where IT staff are dealing with this, goodness sake. Crowdstrike should get sued to oblivion and die in a fire.
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -6. The time now is 01:43 AM.
|
|
