Alert – CrowdStrike Faulty Update Causing Windows Error
Attention HIROC Subscribers:
As your proactive partner in safety, HIROC is sharing the following important notice:
Please share this Alert with your Information Technology (IT) team, Information Security Management team, Chief Information Officer, Chief Technology Officer, and Risk Management Leader, and, as appropriate, with your users, to raise awareness about a global IT incident and to address potential risks promptly.
The purpose of this alert is to increase awareness of widespread IT service outages caused by a faulty software update in the CrowdStrike cybersecurity product.
CrowdStrike Falcon is a trusted Endpoint Detection and Response (EDR) product, which monitors and protects IT systems from malicious activities, such as ransomware. It is a popular product, commonly used by healthcare organizations.
A recent faulty content update in CrowdStrike has caused errors in Windows environments, including workstations and servers. Affected systems may become inoperable and display a “blue screen” error.
CrowdStrike is aware of these reports of crashes on Windows hosts, and has reassured its customers that this is not a malicious security event or cyber attack.
HIROC recommends subscribers using CrowdStrike take the following actions:
- Malicious actors are already exploiting this incident by impersonating CrowdStrike. Consider blocking the following known malicious domains:
- Stay abreast of technology updates, including updates and guidance directly from CrowdStrike: https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/
- Take inventory of endpoints and devices that have CrowdStrike and verify whether CrowdStrike’s faulty content update is in the environment. Some updates may have been pushed to the environment but may not have taken effect. Details on identifying the faulty update are outlined in the link above.
- Always use official channels to communicate with your vendors that manage your CrowdStrike tool.
- Work with your internal or external expert information technology team to apply necessary workarounds and fixes provided by CrowdStrike.
- Recognize the effort, time and resource requirements for restoring affected environments, especially those that are not on site (i.e. remote resources) and work with your team to allocate resources accordingly.
We are here for you!
While HIROC continues to have a relatively small number of impacted workstations, which may impact the ability of some to respond via email, our systems are now functional. In addition, our phone lines are fully operational. For immediate assistance, please call us at 416.733.2773.
Visit us at https://www.hiroc.com/contact-us for additional contact details.
Thank you for your vigilance and attention to this matter.
References:
- Alert - Issue impacting CrowdStrike Falcon EDR, Canadian Centre for Cyber Security, July 19, 2024, https://www.cyber.gc.ca/en/alerts-advisories/issue-impacting-crowdstrike-falcon-edr
- Statement on Falcon Content Update for Windows Hosts, CrowdStrike, https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/