Yesterday’s blackout, which sent half the world into a cyber tailspin, was a global computer crash caused by a configuration update to CrowdStrike’s Falcon sensor that led to system problems on Microsoft Windows computers. Here is a summary of the main points of the story:
What happened
- Channel File Error 291: A remote update released by CrowdStrike to improve its defense program (antivirus) caused the operating systems on which it was installed to crash.
- Not a cyber attack: CrowdStrike specified that the problem was not due to a cyber attack, but to a configuration error.
CrowdStrike’s response
- Problem resolution: The bug was fixed on July 19, 2024, at 05:27 UTC.
- Customer support: CrowdStrike promised an ongoing support effort for impacted customers and provided a manual process to fix the bug on each affected machine.
- Constant communication: The company continues to update customers through its blog and Support Portal and asks those with specific needs to contact them directly.
Suggested solutions
- Turn off and on again: Microsoft suggested restarting computers as a temporary solution, a method that has proven effective for some users.
- Deleting a specific file: Microsoft and some CrowdStrike employees on social media have recommended deleting a certain file to resolve the issues.
Technical context
- File 291: An update that was supposed to improve the efficiency of CrowdStrike’s antivirus but instead caused problems in Windows operating systems.
Official communications
- CrowdStrike: Provided technical details and a commitment to improve internal processes to prevent future similar incidents.
- Microsoft: Offered a practical solution and admitted that several reboots might be needed to fix the problem.
In summary, the incident was caused by a misconfiguration in a software update, not an external attack, and the companies involved are working to resolve the issues and support impacted users.