CrowdStrike Update: CERT issues ‘critical’ advisory, MEITY in touch with Microsoft, Systems Partially Up


The Indian Computer Emergency Response Team (CERT-In) has issued a ‘critical’ advisory following the global outage affecting Microsoft Windows operating systems. The advisory, designated CIAD-2024-0035, highlights that affected systems are experiencing the dreaded Blue Screen of Death (BSOD). In its advisory, CERT-In also listed steps to recover impacted systems.

Meanwhile, the government has taken cognizance of the Microsoft outage and MEITY is continually in touch with Microsoft, which in turn is actively working with impacted entities.

In addition, CERT-In is coordinating with CISOs of critical infrastructure entities. All impacted entities are working to bring up their systems. In many cases, systems are partially up.

It has been reported that Windows hosts running the CrowdStrike agent Falcon Sensor are facing outages and crashing due to a recent update received in the product. The concerned Windows hosts are experiencing a Blue Screen of Death (BSOD) related to Falcon Sensor, CERT said in its advisory.

The issues occurred in the latest update of CrowdStrike and the changes have been reverted by the CrowdStrike team, it added.

The workaround steps advised by the CERT are:

  • Boot Windows into Safe Mode or the Windows Recovery Environment
  • Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  • Locate the file matching “C-00000291*.sys”, and then delete it
  • Boot the host normally

“The reason for this outage has been identified and updates have been released to resolve the issue,” said an official communication. The technology partner of the Government of India, National Informatics Center (NIC), which provides technology-driven solutions to Central and State Governments, fortunately remains unaffected.

The global outage, which began around 10 am, saw airports, airlines, banks, brokerages and critical services take a hit. Airports have switched to a ‘manual’ mode of operations temporarily to tide over the crisis. Airlines and airports in India are issuing handwritten boarding passes to passengers.

Several brokerages have reported disruption in services which left traders/investors in the lurch with no trades being executed and people clamouring for compensation.

A few media houses also took a hit with UK’s Sky News going entirely off air following the development.

It’s unclear what has caused the outage, but some businesses, including Australian energy company AGL, blamed an update from security firm CrowdStrike. 

Microsoft said the impacted services include: PowerBI, Microsoft Fabric, Microsoft Teams, Microsoft 365 admin center, Microsoft Purview and Viva Engage. It acknowledged the issues with its Azure services and Microsoft 365 apps, and said, “Our services are still seeing continuous improvements while we continue to take mitigation actions.”