Saturday, 20 July 2024

CrowdStrike Denial of Service vulnerability

Release Date: 19 Jul 2024

RISK: High Risk

TYPE: Operating Systems - Networks OS

On 19 Jul 2024, CrowdStrike Falcon Sensor caused crashes on Windows hosts. Windows hosts running in the cloud (Azure, AWS, etc.) are also affected. Symptoms include hosts experiencing a bugcheck / blue screen error.

 

CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.

 

If hosts are still crashing and unable to stay online to receive the Channel File Changes, please apply the workaround in the "Solutions" section.

 

Note:

No patch is currently available for affected products.


Impact

  • Denial of Service

System / Technologies affected

  • CrowdStrike Falcon Sensor


Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Windows hosts which have not been impacted do not require any action as the problematic channel file has been reverted.

 

Apply workarounds issued by the vendor:

Workaround Steps for individual hosts:
  • Reboot the host to give it an opportunity to download the reverted channel file. If the host crashes again, then:

    Note: BitLocker-encrypted hosts may require a recovery key.

    • Boot Windows into Safe Mode or the Windows Recovery Environment
      • NOTE: Putting the host on a wired network (as opposed to WiFi) and using Safe Mode with Networking can help remediation.
    • Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory
    • Locate the file matching “C-00000291*.sys”, and delete it.
    • Boot the host normally.
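
The deletion step above as a script, for use from an elevated PowerShell prompt in Safe Mode. This is an added example, not code from CrowdStrike or from the original advisory; the `-WindowsRoot` parameter is an assumption introduced here for the case where the affected Windows installation is not the running one (its disk is mounted under another drive letter), and `-WhatIf` lists what would be deleted without removing anything.

```powershell
# Added example: remove the channel file named in the workaround steps.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Assumption: defaults to the running Windows installation. Pass the
    # Windows directory of the affected installation (for example
    # 'E:\Windows') when its disk is mounted elsewhere.
    [string]$WindowsRoot = $env:WINDIR
)

$driverDir = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
$pattern   = 'C-00000291*.sys'   # file name pattern given in the advisory

if (-not (Test-Path -LiteralPath $driverDir -PathType Container)) {
    Write-Error "CrowdStrike directory not found: $driverDir"
    exit 2
}

# -Force also returns hidden or system files; -File skips directories.
$channelFiles = @(Get-ChildItem -LiteralPath $driverDir -Filter $pattern -File -Force)
if ($channelFiles.Count -eq 0) {
    Write-Output "No file matching $pattern in $driverDir; nothing to delete."
    exit 0
}

foreach ($file in $channelFiles) {
    # Record what is about to be removed so the action can be audited later.
    Write-Output ("Found {0} ({1} bytes, last written {2:u})" -f `
        $file.Name, $file.Length, $file.LastWriteTimeUtc)
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete channel file')) {
        try {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
        } catch {
            Write-Error "Could not delete $($file.FullName): $_"
        }
    }
}

# Confirm the result before rebooting: any remaining match means the
# workaround has not been applied (deletion declined, failed, or -WhatIf).
$remaining = @(Get-ChildItem -LiteralPath $driverDir -Filter $pattern -File -Force)
if ($remaining.Count -gt 0) {
    Write-Warning "$($remaining.Count) matching file(s) still present in $driverDir."
    exit 1
}
Write-Output 'Channel file removed. Boot the host normally.'
```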

Vulnerability Identifier

  • No CVE information is available

Source


Related Link
