Consider the delicious irony of a "security company" bricking half the computers in the world.

Who could have imagined that installing a 3rd party rootkit on every device is bad? Shocking 🙃

As well as BitLocker recovery key we also needed to use the local admin account as the folder couldn't be accessed without elevated privileges, further compounded by each PC having a unique password. Ten to fifteen minutes of telephone support to talk the user through this.

"Hotline, we have a massive problem!!" - "Ok shoot!" - "We use Windows 11 servers and..." - "Well, you said that already."

This patchpocalypse is the best advertisement for Linux EVVAAAARRR Thank you Crowdstrike, I love you 🥰

The first (really the only) question is why CrowdStrike is not using a staged rollout with telemetry to verify that systems being updated remain functional?

I have been using GNU/Linux for the last 30 years and everything works perfectly for me, for free. And my valuable data are at home, not in a data center far far away.

Yes, centralisation of capabilities to one company is dangerous

I'd like to see you discuss whether a modern up to date windows server, configured correctly, actually needs crowdstrike or similar products.

Astronaut: Houston, we have a problem. Base: ah, hold on, we have blue screen on all our computers!

This news channel is the only one being realistic about the recovery time. Other news channels thinks that the disruption will be fixed in days.

*HERE IN BULGARIA* in our cash-based society - nothing changed, we all just want about life as normal. Imagine if your systems went down for 2 weeks - you would all literally be starving

Promoted via US Government CISA via events and embedded in training. Also often recommended for federal contractors

Yesterday was a big win for CrowdStrike. Finally a virus protection program that disabled the most prolific spyware program on the internet - Microsoft Windows. No Linux/Mac products were harmed.

Did they not test their patch before deploying? It's very hard to believe this error wouldn't have shown up in testing. And it's always a really good idea to deploy patches just before the weekend.....said nobody in IT ever. The fail is strong.

End user devices are going to be the huge issue - looking up all those Bitlocker keys, walking tech or even end user in to deleting the bad file. Hopefully most of the servers have remote management interfaces (different from remote desktop), whereby preboot environments are accessible over a remote connection via VNC and the like.

"Windows 2008 Server not affected". I can wipe the sweat from my brow 🤣🤣

I live in a cabin in the woods like ol' Ted, i was entirely unaffected.

This could have all been avoided if Windows had an A/B update system like ChromeOS. Having failed to boot the updated partition it would have failed back.

Interesting show. However, I would like to point out that this only impacted companies using CS, not regular home users unless you are using CS. The issue was CS was also installed on Windows Server OS. Also, there was a CS issue with Linux in the past. The issue was bad or not enough testing by CS. Now the bigger question is, was this a test for something to come?? Thanks for the show

At my workplace only the servers were running Crowdstrike, the clients are using Windows Defender and even though a lot of servers went down it was possible to manage the situation. However as I see it the Windows platform is based on a design that was made in the early 1990's and it has been showing its age for some time now. Unfortunately Microsoft is heading into a direction that will make them basically a single point of failure with worldwide impact if they go down since they are heading for a direction where every login and every bitlocker key is in their pocket. It's now almost impossible to set up a local account on your computer and for all new computers the disks are going to by default be encrypted with bitlocker. With that in mind - Microsoft will basically have every company and personal computer held hostage. If you haven't been touching your files for some time they are removed locally and now only exists in the "cloud" held by Microsoft. I can think of some scenarios: 1. Microsoft decides that your computer is obsolete and prevents you from using it. 2. The cloud service of Microsoft gets hacked or goes down for an extended time. 3. Internet is shut off for some reason preventing your computer from connecting to the cloud.

Be still my beating heart El Reg has a YT channel. Instant sub.

I had a dead motherboard a few years ago, the drives had Bitlocker enabled. As you cannot unlock in a new machine with your regular key, you need the recovery key. Lost all my data. Nowadays I'm on Linux with Luks, it's far better.

All I can say is test your product to destruction, I suspect Cloudstrike don't test at an acceptable level and believe that shortcuts they made in the past testing will be OK to use today. Cloudstrike claims it's not a security issue but is wrong because that will be judged by their customer base, who'll see it as a security issue due to their systems becoming inoperable. Anything that causes a company to lose money is a security issue.

With Microsoft there is no better alternative , but for CS there are a lot of. After spending 9 hours fixing our computers and servers I hope our company will get rid of this spying software

So microsoft was bitten by FORCED BLIND UPDATES.. who would have thunk such a thing could go wrong.

The irony is this issue typically only hit organisations who had the awareness that they needed to run and deploy an EDR/XDR solution. Lesser aware IT shops, who did not have the time or resources to stay on top of things, have been spared this disruption....

The sys driver file was all zeros and could bot have contained a valid signature. Why did a sys file without a valid signature even get loaded by a supposedly top security company? Isn’t that a security risk? This makes me question their whole overhyped approach to security.

Starting Monday (if not already) one or more people at CrowdStrike will be looking for jobs in another field! I wonder if the Walmart in Austin TX is hiring greeters?

it's not a virus definition. the corrupted file has the extension of .sys and it's loading on a very low level.

CrowdStrike started pushing D.E.I instead of quality.. This is what happens!

Waiting for the law suits to be issued...

I heard Crowdstrike will rebrand as SkyNet.

If you have a server, run a server OS. Which would be Linux. If you run the XBox OS on it, it's not a server, it's a game console.

Now every computer that's down needs a tech to restart it with high-level verification who is validating that these people are doing their job right and not more concerning information in this update when they remove the file

The definition file was just a chunk of null characters. I wouldn't be surprised if the Azure outage was the original cause of the null file being distributed in the first place.

Why did the update not roll out in a more controlled way with verifications-/validations from both customer's IT-staff and Crowdstrike? Before going in production.

people just need to anticipate this sort of stuff... maybe keep some domain controllers physical with a different AV than CrowdStrike... some paper runbooks in safes etc.

IT people should see this as an opportunity to earn some extra cash. No doubt, many organizations will be hiring temporary workers to crawl from keyboard-to-keyboard.

Hopefully this will force companies to wake up and switch to Linux. You do not need a full Windows PC just to drive a self checkout or a departure board! There are $5 micro controllers that can do this.

This outage is roughly what Y2K could have been like in terms of social impact if we hadn't prepared for it. Mostly different technologies at this point, of course.

and the issue remains, as crowdstrike could press a button and brick all their clients computers again.

If you use windows you have to be ready for anything. There was no code that broke crowdstrike. They release an update filled with null pointers. It was effectively empty lol

Time to get rid of this crapware

*AS A MAC USER* Im in genuine danger of exploding with smugness... 😀

The definition file that went out was all nulls. It corrupted at some point in the process.

now they should look hard into diversifying their security AV software having 2 or 3 different vendors in their infrastructure so that if you have 2 different companies at least it would be 50% affected or with 3 vendors only 33% of your infrasture would be affected....the same can be said of relying on one OS like Windows.

Companies will sue Microsoft, their prodict failed to start !

We need universal standards for deploying changes that touch the kernel. And never deploy on a Friday. Internal culture failure.

I agree with them, we should not rely on one OS like Windows or CrowdStrikes.

I hope these companies will pay bonus to their it department and buy them cookies every week

The first time the reg showed up on my feed!!!

Makes you question. If we should run everything from the cloud

For all those saying "switch to linux" just do a quick search and you'll find CS did a similar thing to Debian back in April 2024.

Whitney Webb predicted about a year ago that this would happen.

for people in remote working mode and/or week-end assigment for thei IT dept. might have caused havoc ...

It would not surprise me if Microsoft start to quietly sunset Windows Server. My guess is that behind the scenes 95% of their fabric is running on linux variants anyway.

No bank, no taxi, no coffee, food bank overload, starvation/ the servers are down!😏

It's absolutely Microsoft fault and it is Crowdstrike fault, they both created this situation and I don't hear anything about compensation for the mess they've created

I think this is more on Microsoft than Crowdstrike. A single definitions file shouldn't bring down the whole OS.

Ummm there is a problem if the driver doesn't validate the definition.

😼 All the not smirking I'm seeing here 😼

That's the trouble when people rely on tech

As a plus two decades Linux user ... all I can do is shake my head. People just doesn't want to learn.

Space X and Tesla were completely unaffected. Elon Musk steadfastly refused to do business with CrowdStrike, even though it is in his preferred city of Austin. So, companies with DEI departments should absolutely love CrowdStrike! After all, they must support their fellow DEI hires in all that they destroy.

Crowd strike implemented a scheme similar to other cyber security software vendors but that doesn't make it right These cybersecurity software applications are overprivileged on the operating system operating at a kernel level... Extremely dangerous and it is malpractice to have allowed them to be installed on all these systems or any similar cybersecurity software; this stuff needs to be isolated

What are u guys doing st my house taking my pitur showing to world ?

Has no-one ever heard of CHEQUES ?

It you get a flat tire, you get to a halt too, people....if you don't have the lug nut key, you can't change the tire , same as not having the BitLocker key😂😂😂😂

If an OTA update can derail the global economy, it's clear how dependent we are on software. It don't matter if people use Windows or Mac. We know China has zero day exploits waiting on Mac and Windows to deploy at their choosing. All of our food and water is dependent on code and software. Everyone should just start thinking about food and water for 30 days at home at the very least.

wish john mcafee was here to see this. RIP

Software is political. The Linux stock exchange servers are purring. All operating systems are the same right? My custom Linux desktops 20+ years rock solid.

Companies will forget about this in a few weeks. It is by far the best security solution out there. All the others just aren’t as robust with preventing breaches. The same exact issue happened with McAfee a decade ago so it just happens when things move so quickly

Real time updates to production systems...hmmmm

So thankful we don't user CS.... We are not bothered by this shit show.

Unbelievable.

Most servers are Linux now

Move to Sophos.

Look at the Root! This is the problem with Software as a Services. Everything is Catastrophic when it's reliant on One system.

Who said it is not a kind of cyber attack!? Or type of hack against cs.. Stop trusting everything the ceo's say

once again we miss the forest for the trees or is that the sky for the clouds ? either way, that darned BSOD is what has been causing much mess. why did it comeback again. guess who created it and why its back on us again. and after this would you still get yourselves stuck on the same ole OS ?

Public Infrastructure = Public Code. Period.

try to delete some antivirus from windows, it’s impossible

That was a rather low tech talk, you do realize you could do things like not releasing updates to all system as the same time. When the hell did we stop testing on the purchase level of products? I always used testing environments for new updates and then I never updated all 30000 machines at the same time. This was not a critical emergency update! But I guess some lazy ass tech guy though it was better to be sleeping, most likely because greed didn't want to pay, bit chilling to see even The Register just boothlicking, instead of reporting on what really is the problem, because the "problem" is what get you paid.

Should've lasted longer

Thank you for not putting Microsoft images on the headline image implying that Microsoft had any part in causing this mess, which so many other commentators are (still) doing. Did Crowdstrike do any testing of their builds before pushing them out? Beggars belief... Any IT department that does not know the Recovery Key for the Bitlockered systems they support are incompetent. Managers should answer what contingencies they have for catastrophic failures. Alternative methods of getting access to the Windows System should be second nature to any competent IT technician. A bit of a wake up call. What are they going to do next time?

have you tried switching off and on again .... 15 times .... 🤣🤣🤣🤣

I wonder if anyone knows how to program? Probably not I know someone who can, but ive got to take a shit

Why TF anyone is still using Windows to run critical infrastructure??

Have some cash at home.

lol the backgrounds in this video

Why people are not suing Microsoft ? If their software has caused loss to my business, they are responsible for it.

You can't just go on pretending windows is serious thing. It is only adequate for gaming.

Nobody says it aloud thet modern Windows still needs the 3rt party security packagew with such high privileges. Failure of Microsoft, too.

The Solution is using cloud virtualized desktops that could easily be restored, this has been the standard four servers for a long time, its time to virtualize everything

Crowdstrike should be renamed Clownstrike. Cause everyone who uses this software and produced this software are clowns 😂

Yeah, let's go to digital currency! 🤣

Snowflake will be happy

The COVID 19 of computers

Alex jones was right