Global IT Outage-Microsoft/CrowdStrike

Ohhhf. Pack up boys, you're headed home today. Never fun to watch another race crew pack in early.
Kurtz was on Jim Cramer this morning, I was wondering if the broadcast was from VIR or if he has headed back to HQ already.

Guessing my $400 call options will expire worthless today. :grinpimp:

Good luck mate
 
This was my morning, or watching a movie. Same blue screen. Restart just brought a different blue screen. Fuckers had it fixed before lunch though. :flipoff:
Yup. Called in for my 2 Friday morning calls, but blind as can be.

Email still working on mobile. Last update is all affected will receive a call from IT to walk thru the fix. But I’m away most of the afternoon, so who knows when it’ll get wrapped up. :lmao:
 
Alex Jones calls another one. He said there'd be a major crash this week. Not a fan but he's been more right than wrong.


 
Our whole accounting system is fuxored. Other than that, we are doing fine.
 
This isn't really related to Microsoft at all. This is 100% a CrowdStrike EDR fuck up. They sent a channel file out that was full of Null. This is essentially a small driver file that is loaded at the kernel level of the OS, BEFORE everything, including the network stack. The kernel attempts to load the null driver and to protect itself, it blue screens, as it is designed to do.

The primary issue here is that this happens before the network stack is loaded, so there is no way to send an updated channel file before the BSOD, hence the fix HAS to be manual intervention. The reboots thing may or may not work. I've heard reports of people rebooting 20+ times and still nothing. The issue is also more complicated if whole disk encryption like BitLocker is used.

I don't envy IT right now. :beer: And for the first time I am glad we use Trellix for EDR and not CrowdStrike :laughing::flipoff2:

Probably have to boot the affected into safe mode and update the driver via USB. I don’t do MS stuff, so just a guess.

It’s a goat rope at best.
 
I'm stuck in Raleigh trying to get home. Delta flights cancelled. Can't rent a car, they are down or not allowing one ways.

Found a Southwest flight to Atlanta, then going to get a ride home and go pick up my car from Chattanooga later.

Fuck computers
 
Probably have to boot the affected into safe mode and update the driver via USB. I don’t do MS stuff, so just a guess.

It’s a goat rope at best.
basically boot to safe mode without networking, remove a set of files, reboot.
the issue is that those of us with bitlocker encryption can't always boot into safe mode
 
Probably have to boot the affected into safe mode and update the driver via USB. I don’t do MS stuff, so just a guess.

It’s a goat rope at best.
1. Boot Windows into safe mode or the Windows Recovery Environment.

2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.

3. Locate the file matching “C-00000291*.sys” and delete it.

4. Reboot
 
1. Boot Windows into safe mode or the Windows Recovery Environment.

2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.

3. Locate the file matching “C-00000291*.sys” and delete it.

4. Reboot
Exact instructions our IT sent out this morning. But everyone in the company has bitlocker.:homer:

And for the IT challenged, the file starts with "C-00000291". It has some more numbers after that.
 
Exact instructions our IT sent out this morning. But everyone in the company has bitlocker.:homer:

And for the IT challenged, the file starts with "C-00000291". It has some more numbers after that.
Can you still do a DOS style command from the root so you don't have to hunt it down?
 
Exact instructions our IT sent out this morning. But everyone in the company has bitlocker.:homer:

And for the IT challenged, the file starts with "C-00000291". It has some more numbers after that.
Fixt it for ya.

1. Boot Windows into safe mode or the Windows Recovery Environment.

2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.

3. Locate the file matching “C-00000291*.sys” and delete it.

4. Reboot

5. If you have BitLocker, jump off a bridge.


But really, if the enterprise was keeping the BitLocker recovery keys in Active Directory (like they should be), it shouldn't add but a little more time telling someone over the phone their 48 digit key :lmao::lmao: "No, I said E, not C"
 
Fixt it for ya.

1. Boot Windows into safe mode or the Windows Recovery Environment.

2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.

3. Locate the file matching “C-00000291*.sys” and delete it.

4. Reboot

5. If you have BitLocker, jump off a bridge.


But really, if the enterprise was keeping the BitLocker recovery keys in Active Directory (like they should be), it shouldn't add but a little more time telling someone over the phone their 48 digit key :lmao::lmao: "No, I said E, not C"
you just email it in plain text
cause that's easier.
:laughing:
 
Got into work to find my computer in a blue screen loop. Oh well for the stuff I was trying to run overnight.
Same but I got pissed, ripped the power cord out, plugged it in and it fixed it. Next step if that didn't was punching it.
Had no idear about crowds trike or whatever till now.
 
I'm stuck in Raleigh trying to get home. Delta flights cancelled. Can't rent a car, they are down or not allowing one ways.

Found a Southwest flight to Atlanta, then going to get a ride home and go pick up my car from Chattanooga later.

Fuck computers

Where you headed? I'm into a 6-8 hour delay.

Hoping it will hold, and maybe home tonight
 
Our son and family were red-eye flying out from California to Georgia last night, and made it as far as their first leg to Denver. They had boarded their connection flight to Houston, then were told to deplane due to a "glitch". They slept at the airport. Just found out at 6:30 pm that they finally made it to Houston, but there were further delays for final destination to Atlanta. So far they have logged 30 hours of little travel, on what would normally have been a 4.5 hour flight....
 
Fixt it for ya.

1. Boot Windows into safe mode or the Windows Recovery Environment.

2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.

3. Locate the file matching “C-00000291*.sys” and delete it.

4. Reboot

5. If you have BitLocker, jump off a bridge.


But really, if the enterprise was keeping the BitLocker recovery keys in Active Directory (like they should be), it shouldn't add but a little more time telling someone over the phone their 48 digit key :lmao::lmao: "No, I said E, not C"

This was my entire day and we use bitlocker (keys are in intune)

I found that the recovery environment with command line is the most efficient method to do this, and most users were able to follow my specific instructions (we had to fix over 3k, 1 by 1)
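
Added example, not part of any poster's message and not CrowdStrike's tooling: a Python script that applies steps 2 and 3 of the procedure quoted in this thread to a Windows volume that has already been unlocked and mounted on a recovery workstation, moving matching files to a quarantine folder instead of deleting them so they can be examined later. The mount point, quarantine folder, function names and sample file names are assumptions; the all-null check reflects the description given earlier in the thread.

```python
import shutil
import tempfile
from pathlib import Path

# Directory and file pattern are the ones quoted in the thread.
CS_PARTS = ("Windows", "System32", "drivers", "CrowdStrike")
PATTERN = "C-00000291*.sys"


def is_all_null(path):
    """True if the file is non-empty and every byte is 0x00."""
    data = Path(path).read_bytes()
    return len(data) > 0 and data.count(0) == len(data)


def find_channel_files(volume_root):
    """Matching files under <volume_root>/Windows/System32/drivers/CrowdStrike."""
    cs_dir = Path(volume_root).joinpath(*CS_PARTS)
    if not cs_dir.is_dir():
        return []
    return sorted(p for p in cs_dir.glob(PATTERN) if p.is_file())


def remediate(volume_root, quarantine_dir, dry_run=True):
    """Report each match; move it to quarantine_dir unless dry_run."""
    report = []
    for f in find_channel_files(volume_root):
        entry = {"name": f.name, "size": f.stat().st_size,
                 "all_null": is_all_null(f), "moved": False}
        if not dry_run:
            Path(quarantine_dir).mkdir(parents=True, exist_ok=True)
            shutil.move(str(f), str(Path(quarantine_dir) / f.name))
            entry["moved"] = True
        report.append(entry)
    return report


if __name__ == "__main__":
    # Constructed sample tree; the file names below are made up for the demo.
    with tempfile.TemporaryDirectory() as root:
        d = Path(root).joinpath(*CS_PARTS)
        d.mkdir(parents=True)
        (d / "C-00000291-sample-1.sys").write_bytes(b"\x00" * 4096)
        (d / "C-00000290-sample-2.sys").write_bytes(b"\x01\x02")
        for row in remediate(root, Path(root, "quarantine"), dry_run=False):
            print(row)
```

The default is a dry run that only reports; pass `dry_run=False` to move the files.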
 
Where you headed? I'm into a 6-8 hour delay.

Hoping it will hold, and maybe home tonight
Need to end up back in Chattanooga to get my car at some point, but my house is halfway between Atlanta and Chattanooga, if I can just get home today I'll be happy.

Delta offered me tomorrow at 1pm with 3 legs and 14 hours total time or 8pm with 3 legs and 11 hours flight time. Southwest got a lot of business today
 
Our son and family were red-eye flying out from California to Georgia last night, and made it as far as their first leg to Denver. They had boarded their connection flight to Houston, then were told to deplane due to a "glitch". They slept at the airport. Just found out at 6:30 pm that they finally made it to Houston, but there were further delays for final destination to Atlanta. So far they have logged 30 hours of little travel, on what would normally have been a 4.5 hour flight....
Fuuuuuuck!
 
Our son and family were red-eye flying out from California to Georgia last night, and made it as far as their first leg to Denver. They had boarded their connection flight to Houston, then were told to deplane due to a "glitch". They slept at the airport. Just found out at 6:30 pm that they finally made it to Houston, but there were further delays for final destination to Atlanta. So far they have logged 30 hours of little travel, on what would normally have been a 4.5 hour flight....

That's crazy. Atlanta is Delta's momma airport. Usually they have multiple flights into there.

Need to end up back in Chattanooga to get my car at some point, but my house is halfway between Atlanta and Chattanooga, if I can just get home today I'll be happy.

Delta offered me tomorrow at 1pm with 3 legs and 14 hours total time or 8pm with 3 legs and 11 hours flight time. Southwest got a lot of business today

Damn, sounds doable with a car. Safe travels.
 
Our GPS systems are active, but the electronic logs aren't transmitting. Violation reports are rolling in left and right, as the server isn't being told of any status changes where the drivers went to sleep after midnight and the mainframe thinks they have been driving up to 18 hours straight.
Yep. Exact same with our system (Samsara)
 