CrowdStrike Windows outage: BSOD chaos and what to do next

Today, 19 July 2024, CrowdStrike experienced a significant outage affecting its Falcon endpoint detection and response (EDR) platform on Windows systems. This incident resulted in widespread “blue screen of death” (BSOD) errors, causing major disruptions across various sectors globally, including healthcare, finance, and public services. The issue stemmed from a problematic update, highlighting the vulnerabilities even top-tier security solutions can encounter. Early reports confirm that the incident was due to a technical fault in the update process, not a cyberattack​.

Social media reactions

The incident drew widespread attention on social media, with users sharing their experiences and frustrations. These reactions underscore the widespread impact and the urgency of resolving such issues swiftly.

Immediate actions for affected organisations

1. Verify restoration: Ensure that the CrowdStrike Falcon platform is fully operational. Check for any updates or patches released by CrowdStrike and apply them immediately.
2. Conduct a security audit: Assess systems for any unusual activities during the outage. Focus on identifying potential security breaches or unauthorised access that might have occurred while the platform was down.
3. Update incident response plans: Review and revise your incident response plans to include scenarios where primary cybersecurity tools become temporarily unavailable. This will help ensure rapid response and continuity during future incidents.
4. Backup and recovery plans: Validate that your backup and recovery processes are effective. Regularly scheduled backups and a clear recovery strategy are essential to mitigate risks from such outages.

Practical actions to enhance security posture

1. Enable multi-factor authentication (MFA): Implement MFA across all systems to add an extra layer of security, reducing the risk of unauthorised access.
2. Implement network segmentation: Divide your network into segments to limit the spread of potential attacks and enhance monitoring capabilities within each segment.
3. Use endpoint detection and response (EDR) tools: Complement your existing security solutions with additional EDR tools to provide real-time monitoring and response to threats.
4. Regularly patch systems: Ensure that all systems and software are regularly patched and updated to protect against known vulnerabilities.
5. Monitor security logs: Continuously monitor and analyse security logs to detect and respond to suspicious activities promptly.
6. Create a cybersecurity awareness programme: Develop and maintain a cybersecurity awareness programme to educate employees on the latest threats and best practices.

Workaround and mitigation steps

1. Safe mode access: If you encounter the BSOD, try booting the system in safe mode to uninstall the problematic update.
2. System restore: Use the system restore feature to revert the system to a state before the update was applied.
3. CrowdStrike’s official guidance: Follow any specific instructions or patches released by CrowdStrike to resolve the issue. CrowdStrike has been actively communicating with its clients to provide necessary fixes.

Long-term strategies for resilience

1. Diversify security solutions: Integrate additional security solutions to avoid single points of failure. A multi-layered approach can provide added resilience against disruptions.
2. Regularly test systems: Conduct regular penetration testing and vulnerability assessments to identify and fix weaknesses proactively.
3. Stay informed: Keep abreast of updates and advisories from your security providers. Participate in forums, webinars, and other educational resources to stay informed about the latest threats and best practices.
4. Employee training: Ensure that your staff is well-trained in recognising and responding to security threats. Continuous education and simulation exercises can significantly enhance your organisation’s cybersecurity posture.

End thoughts

The CrowdStrike Windows outage serves as a stark reminder of the complexities and potential vulnerabilities within cybersecurity frameworks. By taking immediate corrective actions and implementing long-term strategies, organisations can enhance their resilience against such disruptions. At ITLawCo, we are committed to supporting our clients with expert guidance and actionable solutions to navigate these challenges effectively. For more information on how to strengthen your cybersecurity strategy and ensure your organisation’s resilience, contact ITLawCo today.