CISO GLOBAL ANNOUNCES SOLUTION TO MITIGATE IMPACT OF CROWDSTRIKE SECURITY EVENT

CISO Global, an industry leader in proprietary software, managed cybersecurity, and compliance, announces that it has successfully identified and implemented a comprehensive solution to address the recent security incident involving CrowdStrike and Microsoft.

This incident, resulting from a faulty update to CrowdStrike's Falcon Sensor V6.58, caused widespread disruptions by triggering a Blue Screen of Death (BSOD) on thousands of Windows machines globally. CISO Global's solution was developed after the Incident Response team studied affected networks and offers a clear path to recovery for those affected. CISO is deploying this successfully to affected customers.

The faulty update caused critical faults in the Falcon Sensor's driver interactions with the Windows kernel, leading to fatal system errors upon startup. This has rendered numerous systems inoperable, significantly impacting businesses worldwide. In response, CISO Global has developed a simple and effective step-by-step solution to resolve the issue and restore normal operations.

Step-by-Step Solution to Resolve BSOD Issue:

1.    Boot into Safe Mode or Windows Recovery Environment:

  • Restart your computer and repeatedly press the F8 key (or Shift+F8) before Windows starts to enter Safe Mode or use the Windows Recovery Environment.

2.    Navigate to the CrowdStrike Directory:

  • Once in Safe Mode or Recovery Environment, open File Explorer and go to C:\Windows\System32\drivers\CrowdStrike.

3.    Delete the Faulty File:

  • Locate the file named C-00000291*.sys and delete it.

4.    Reboot the System Normally:

  • Restart your computer normally. The issue should be resolved, and your system should boot without encountering the BSOD.

Alternatively, for advanced users:

  • Use the Command Prompt in Advanced Startup to delete the file:
    • Open Command Prompt from the Advanced Startup Options.
    • Execute the command: del C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys
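
The command-line step above, as an added batch script (an example written for this page, not CISO Global's or CrowdStrike's code). It assumes the Recovery Environment may have mounted the Windows volume under a letter other than C:, so it checks every drive letter, lists the matching files, and deletes them only when run with a /delete argument; the /delete switch and the variable names are this example's own.

```batch
@echo off
rem Added example: locate and remove the C-00000291*.sys files named above.
rem Assumption: the Windows volume may not be C: when booted into recovery,
rem so every drive letter is checked for the CrowdStrike driver directory.
setlocal
set "REL=Windows\System32\drivers\CrowdStrike"
set "PATTERN=C-00000291*.sys"
set "FOUND="

for %%D in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) do (
    if exist "%%D:\%REL%\%PATTERN%" (
        set "FOUND=1"
        echo Matching files on %%D:
        dir /b "%%D:\%REL%\%PATTERN%"
        rem Delete only when the caller passed /delete; otherwise just report.
        if /i "%~1"=="/delete" (
            del /f "%%D:\%REL%\%PATTERN%"
            rem Re-check so a failed delete is reported instead of assumed.
            if exist "%%D:\%REL%\%PATTERN%" (
                echo   Delete FAILED on %%D:
            ) else (
                echo   Deleted.
            )
        )
    )
)

if not defined FOUND echo No %PATTERN% found on any mounted volume.
if defined FOUND if /i not "%~1"=="/delete" echo Dry run only. Re-run with /delete to remove the files listed above.
endlocal
```

Running it first without arguments shows which volume holds the files before anything is removed.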

"We understand the significant challenges posed by the recent CrowdStrike update issue, and our team has worked diligently to develop a straightforward fix that addresses the immediate problem and restores system functionality," said David Jemmett, CEO. "While we are pleased to be able to assist our clients and others, this event should serve as a warning to all regarding the importance of strong network resiliency. Time will tell whether this was caused by human error, or an attack similar to what affected SolarWinds."

 
