Windows 10: CrowdStrike in a nutshell: how a faulty software update took down millions of Windows PCs

A software update by cybersecurity company CrowdStrike was responsible for taking down millions of Windows PCs, some of them in critical industries.

Last Friday, reports started to come in from companies and organizations from different parts of the world that they experienced computer issues.

This incident affected airports, TV stations, air traffic control systems, banks, ticket purchase systems, retailers, and systems of other companies and organizations. Flights could not take off, flight tickets could not get printed, TV broadcasters went offline, hospitals and banks were affected, and numerous other industries experienced service interruptions.

The initial panic of a world-wide cyberattack turned out to be wrong. Instead, security analysts and administrators from all over the world suggested that the issue was caused by a faulty update of security software. One developed and maintained by CrowdStrike.

What is CrowdStrike?


CrowdStrike is a Texas-based cybersecurity company that develops security products. It is a market leader for endpoint security products and many Fortune 500 companies and other organizations use CrowdStrike products for security.

The company's Falcon security product is an Enterprise Detection and Response (EDR) security software for devices. System updates are pushed via so-called channel files, which are pushed to connected devices automatically.

What happened on Friday and on the weekend?


Cybersecurity company CrowdStrike released a security update on Friday that auto-installed on millions of Windows PCs. This update was faulty and it caused bluescreen errors on PCs it was installed on.



While Windows PCs were affected, the issue itself was not caused by Microsoft or Windows.

Administrators could not restore access to the devices easily, which meant that critical systems remained offline. Up to the day of writing, some systems remain offline.

Workarounds were published quickly, for instance on Reddit and other forums. Microsoft published guidance on Saturday, and CrowdStrike did so on Friday already. There is also a long technical post that provides answers to common issues.

Microsoft said on Saturday that 8.5 million Windows PCS were taken offline because of the security update. It also said that this affected less than 1 percent of the entire Windows population.

However, CrowdStrike solutions are not available for home users and small businesses. This makes it a much larger incident percentage-wise, considering that only Enterprise customers could potentially use the company's security solutions.

Microsoft published a recovery tool on Saturday that admins could run to recover the system either from WinPE or safe mode.

On BitLocker enabled machines, it is also necessary to enter the BitLocker recovery key according to the posted instructions. This Microsoft support page may be helpful to find out where to look it up.

How could this happen?


CrowdStrike has not published a full account of the incident. The big question that is on anyone's mind, and especially on the minds of system administrators who spend many hours on Friday and possibly the weekend to resolve the issue, is "how could this happen".

How could CrowdStrike release an update that was obviously faulty? How did CrowdStrike test the update before its release? How could it land automatically on more than 8 million PCs before its distribution was stopped?

These have not been answered by CrowdStrike up to this point.

What about you? Where you affected by CrowdStrike, e.g., as an administrator who had to repair affected Windows PCs?

Thank you for being a Ghacks reader. The post CrowdStrike in a nutshell: how a faulty software update took down millions of Windows PCs appeared first on gHacks Technology News.

read more...

 

CrowdStrike Falcon Sensor Installation Failure

Hello,

We are working through deploying CrowdStrike as our new IDS/IPS and had a few machines decide not to cooperate. I have been in contact with CrowdStrike support to the extent they told me I need a Windows specialist.

So far I have run CrowdStrike's Windows diagnostic tool, A "Get-InstallerRegistration.ps1" from CrowdStrike support, collected a Windows Installation Log during install attempt, and also run Windows ProcMon during Installation.

When running the installation a dialogue box appears that says, "Service 'Crowdstrike Falcon Sensor Service' (CSFalconService) could not be installed. Verify you have sufficient privileges to install system services.'

I do have admin rights, have right-clicked and Run as Admin.

Any help is appreciated.

 

Overclocking / Undervolting guide for Vega 56 or 64?

Here's a quick laundry list:

List of software to use for overclocking and testing
Examples:
Wattman (and how to find and use it, like an overview, including profiles)
Unigine Valley or Heaven (use this for quick testing while changing settings in Wattman and checking for stability / artifacts) ...just suggesting this
How to monitor cores / mem speeds and temps during testing (I've seen screen overlays, and others using GPUz)

Step-by step overclocking in Wattman
Fan speeds
Power limit
Temp limit
Voltages
Core speeds
Memory speeds

 

Logitech Gaming Software Update 8.70

Lets you customize functions on Logitech gaming mice, keyboards, and headsets.

• Software Version: 8.70.315
• Post Date: Jul 08, 2015
• OS: Windows 8, Windows 7, Windows Vista
• File Size: 82.6 MB

Logitech Gaming Software lets you customize Logitech G gaming mice, keyboards and headsets.

Logitech Gaming Software includes third party software components, libraries, and frameworks, including, but not limited to, the third party software listed below.
These included third party software components provide key functionality to Logitech Gaming Software and are included in the software installation package.

• Digia QT - Application and User Interface Framework
• Microsoft Runtime Libraries - Application and Hardware Support
• Apple Bonjour - Network Discovery Support for Logitech Arx Control



Updated Description:

• Added support for the G29 Driving Force Racing Wheel
• Added support for the G920 Driving Force Racing Wheel
• Improved connectivity to the Logitech Arx Control app - version 1.2 of the Arx Control required
• Removed Apple Bonjour requirement for the Arx Control app
• ARX SDK bug fixes
• Updated LED Illumination SDK to support Per Key Illumination for the G910 - see gaming.logitech.com/developers for details
• Bug fix for LGS hang with G502 mouse
• New profiles added: Assetto Corso, Gas Guzzlers Extreme, Grand Theft Auto V, iRacing, Project CARS, Rust, The Witcher 3: Wild Hunt

Logitech Support + Download