All our servers and company laptops went down at pretty much the same time. Laptops have been bootlooping to blue screen of death. It’s all very exciting, personally, as someone not responsible for fixing it.

Apparently caused by a bad CrowdStrike update.

Edit: now being told we (who almost all generally work from home) need to come into the office Monday as they can only apply the fix in-person. We’ll see if that changes over the weekend…

  • kadotux@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    89
    arrow-down
    2
    ·
    edit-2
    5 months ago

    Here’s the fix: (or rather workaround, released by CrowdStrike) 1)Boot to safe mode/recovery 2)Go to C:\Windows\System32\drivers\CrowdStrike 3)Delete the file matching “C-00000291*.sys” 4)Boot the system normally

    • StV2@lemmy.world
      link
      fedilink
      English
      arrow-up
      52
      arrow-down
      3
      ·
      5 months ago

      It’s disappointing that the fix is so easy to perform and yet it’ll almost certainly keep a lot of infrastructure down for hours because a majority of people seem too scared to try to fix anything on their own machine (or aren’t trusted to so they can’t even if they know how)

      • HaleHirsute@infosec.pub
        link
        fedilink
        English
        arrow-up
        56
        arrow-down
        1
        ·
        5 months ago

        They also gotta get the fix through a trusted channel and not randomly on the internet. (No offense to the person that gave the info, it’s maybe correct but you never know)

        • kadotux@sopuli.xyz
          link
          fedilink
          English
          arrow-up
          11
          arrow-down
          1
          ·
          5 months ago

          Yeah, and it’s unknown if CS is active after the workaround or not (source: hackernews commentator)

        • letsgo@lemm.ee
          link
          fedilink
          English
          arrow-up
          6
          ·
          5 months ago

          True, but knowing what the fix might be means you can Google it and see what comes back. It was on StackOverflow for example, but at the time of this comment has been taken offline for moderation - whatever that means.

        • ColeSloth@discuss.tchncs.de
          link
          fedilink
          English
          arrow-up
          3
          ·
          5 months ago

          Meh. Even if it bricked crowdstrike instead of helping, you can just restore the file you deleted. A file in that folder can’t brick a windows system.

      • NaibofTabr@infosec.pub
        link
        fedilink
        English
        arrow-up
        39
        ·
        5 months ago

        This sort of fix might not be accessible to a lot of employees who don’t have admin access on their company laptops, and if the laptop can’t be accessed remotely by IT then the options are very limited. Trying to walk a lot of nontechnical users through this over the phone won’t go very well.

      • thehatfox@lemmy.world
        link
        fedilink
        English
        arrow-up
        28
        ·
        edit-2
        5 months ago

        Might seem easy to someone with a technical background. But the last thing businesses want to be doing is telling average end users to boot into safe mode and start deleting system files.

        If that started happening en masse we would quickly end up with far more problems than we started with. Plenty of users would end up deleting system32 entirely or something else equally damaging.

        • Ookami38@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          7
          ·
          5 months ago

          I do IT for some stores. My team lead briefly suggested having store managers try to do this fix. I HARD vetoed that. That’s only going to do more damage.

      • Grandwolf319@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        5 months ago

        I wouldn’t fix it if it’s not my responsibly at work. What if I mess up and break things further?

        When things go wrong, best to just let people do the emergency process.

    • cheeseburger@lemmy.ca
      link
      fedilink
      English
      arrow-up
      33
      ·
      5 months ago

      I’m on a bridge still while we wait for Bitlocker recovery keys, so we can actually boot into safemode, but the Bitkocker key server is down as well…

    • WagnasT@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      ·
      5 months ago

      Man, it sure would suck if you could still get to safe mode from pressing f8. Can you imagine how terrible that’d be?

    • resin85@lemmy.ca
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      Not that easy when it’s a fleet of servers in multiple remote data centers. Lots of IT folks will be spending their weekend sitting in data center cages.