CrowdStrike has explained the cause of yesterday's worldwide Windows crashes, which were triggered by a faulty update. The problem was in the Falcon Sensor, CrowdStrike's core product: a single agent that runs on the host and monitors system activity to detect vulnerabilities, viruses, malware and other threats. The sensor's detection behaviour is controlled by configuration files called Channel Files, which carry new detection content and are pushed to hosts automatically several times a day.
The issue stemmed from Channel File 291 (file names beginning with "C-00000291-" and ending in .sys, although these files are detection content, not kernel drivers), which was updated to detect newly observed malicious use of Windows named pipes. A logic error in the sensor, triggered by the new content, crashed the sensor; because the sensor runs as a kernel driver, Windows went down with it and showed the familiar blue screen. This is also why the temporary workaround is to boot into Safe Mode and delete that file from the Falcon driver directory.
Channel File 291 was also delivered to Mac and Linux hosts, but those were not affected because the sensor is built differently on those platforms.
Once the crashes began, CrowdStrike released a corrected Channel File 291 with the problematic logic removed; hosts that can still boot and reach the cloud pick it up automatically. Why a file with faulty logic was allowed through to release is still under investigation.
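The workaround above (Safe Mode, then delete the faulty Channel File 291) is easy to get wrong on a host that has already received the corrected file, because both versions match the same name pattern. The script below is an added example, not CrowdStrike tooling: it lists every C-00000291*.sys file in the Falcon driver directory, classifies each one by its UTC write time, and removes only the faulty copies when run with -Remove. The directory path, the file pattern and the cut-off time (CrowdStrike stated the bad file carried a 04:09 UTC timestamp and the corrected one 05:27 UTC or later) are taken from CrowdStrike's published guidance and should be checked against the current advisory before use; the parameter names and the function are my own.

```powershell
# Audit (and optionally remove) the faulty Channel File 291 on a Windows host
# booted into Safe Mode. Example code written for this page, not CrowdStrike's.
# Assumptions: the Falcon channel directory, the C-00000291*.sys pattern and the
# 2024-07-19 05:27 UTC cut-off come from CrowdStrike's published guidance.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$ChannelDir = 'C:\Windows\System32\drivers\CrowdStrike',
    # Files written at or after this UTC time are the corrected version.
    [datetime]$FixedSince = [datetime]::new(2024, 7, 19, 5, 27, 0, [DateTimeKind]::Utc),
    [switch]$Remove
)

function Get-ChannelFile291 {
    param([string]$Dir, [datetime]$Cutoff)
    # Channel files use a .sys extension but are detection content, not drivers,
    # so deleting one does not leave Windows without a driver it needs to boot.
    Get-ChildItem -Path $Dir -Filter 'C-00000291*.sys' -File -ErrorAction Stop |
        ForEach-Object {
            [pscustomobject]@{
                Path         = $_.FullName
                LastWriteUtc = $_.LastWriteTimeUtc
                Status       = if ($_.LastWriteTimeUtc -ge $Cutoff) { 'fixed' } else { 'faulty' }
            }
        }
}

$files = @(Get-ChannelFile291 -Dir $ChannelDir -Cutoff $FixedSince)
if ($files.Count -eq 0) {
    Write-Host "No C-00000291*.sys found in $ChannelDir; nothing to do."
    return
}
$files | Format-Table -AutoSize

# Only the pre-fix copies are removed; the corrected file is left in place.
foreach ($f in ($files | Where-Object Status -eq 'faulty')) {
    if ($Remove -and $PSCmdlet.ShouldProcess($f.Path, 'Remove faulty Channel File 291')) {
        Remove-Item -LiteralPath $f.Path -Force
        Write-Host "Removed $($f.Path). Reboot normally; the sensor will fetch the corrected file."
    }
}
```

Run it first without -Remove to see what it would touch; with -Remove -WhatIf PowerShell's ShouldProcess support prints the intended deletions without performing them. Classifying by write time rather than deleting every match is the point of the example: a host that was reached by the corrected file after the crash should keep it.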
Source: CrowdStrike
TLDR: CrowdStrike has explained the global Windows crash as the result of a faulty Falcon Sensor content update (Channel File 291) and has released a corrected file to fix it.