- A global Microsoft Windows outage, caused by a CrowdStrike software update, has disrupted airlines, banking services, and 911 lines, leading to grounded flights and long queues.
- The issue resulted in many systems experiencing the “Blue Screen of Death” (BSOD), affecting major carriers and airports worldwide, and also impacted the London Stock Exchange and Australian banking systems.
- CrowdStrike has identified and isolated the defect, deploying a fix, but recovery is expected to be slow due to the need for manual intervention on affected devices.
And that’s why the IT dept needs to test all software updates before rolling them out on the productive systems.
Deploy to prd! I’m on holiday.
Yes, don’t do what I do at home and edit live PHP with users on the server…
Nah real men commit straight to prod. Why yes, I do have 13 bastard children, condoms are also for cowards
Guys…this is TOTALLY Rick. He’s just avoiding his child support payments.
I invoke the shaggy defense
If they’re as slow to roll out the updates to CS as they are the rest of the updates we’ll be a year behind on CS updates haha.
Been awhile since we’ve POCed Crowdstrike, but I don’t think you can set the cadence on updates for Crowdstrike. I believe Crowdstrike enforces auto-updates, it was at least the default setting.
afaik It wasn’t a software update that we all think. It was a content update that you can’t even delay update(I’m assuming it’s fordidentifying new viruses…etc). Updating software itself can be delayed and was usually being tested by IT guys before doing so. Content update however seemed harmless and wasn’t the case.
Crowdstrike fucked up. There seems to be nothing mucy IT depts could’ve done.
Yeah, a lot of people are (understandably) mad at Crowdstrike right now, but I want to drag some c-suite executives into a conference room and impress upon them the value of allocating budget for test environments and disaster recovery. Banks, airlines, service providers, these aren’t mom-and-pop bakeries and plumbers who don’t have time for all that nonsense. Every service that went down should be looking for the fuckwit in their organization, and they’re probably in the executive lounge. Anyone can make a mistake, but it takes dedication to systematically ignore the best advice of top experts in the field and run your infrastructure on a shoestring budget.
The CTO of Clownstrike presided over a similar disaster in 2010 too. AFAIK.
Man, money for a test environment is pretty low on my list of priorities right now. I’m trying to row a 20 man boat with one other person.
IT is just a cost center to most executives.
Software development is also a cost center in my company I work for.
… value of allocating budget for test environments and disaster recovery …
I mean, they do have a test environment. Everyone does have one!
They’re just missing a separated production environment…
Luckily I’m using Linux!
crowdstrike doing just a little of tomfoolery
What is crowd strike and is it a Microsoft product?
CrowdStrike is a popular third-party suite of security software that has forced OTA updates. https://www.cnn.com/2024/07/19/tech/crowdstrike-update-global-outage-explainer/index.html It’s not a Microsoft product.
Cmon guys, it’s Crowdstrike implementing the 4 day week.
Or the 7 day week if you’re in IT.
Who knew that having one operating system running everything would be a bad idea
Who knew that allowing, no, PAYING third parties to inject whatever the fuck they want encrypted proprietary binary blobs into the highest privilege and most dangerous level of your operating system without any user acknowledgement or third party code review could possibly have negative consequences?
This is also why we shouldn’t be allowing kernel anticheat games on our PCs by the way. One day Crowdstrike, the next day it could be Riot Vanguard. Proprietary shitware has no place in your kernel (though in Windows’ case the entire kernel itself is proprietary, maybe do something about that next).
Yes, Riot is going to take down infrastructure.
They can take down people’s computer though?
One security system with forced automatic updates *
Edit: with kernel permissions
Even then.
This software isnt for Linux.Dammit, it is…“Reduce exposure”, they take that very seriously.
It is. It has linux AV available, but 99% of its install base is going to be windows.
Avoid using it for Linux that is for sure after today! If this will happen to all linux device, there is no working internet anymore.