Trustwave is proactively assessing and monitoring our clients who may have been impacted by CrowdStrike’s recently rolled-out update for its Windows users. The critical issue identified with CrowdStrike Falcon may result in a Blue Screen of Death (BSOD) on Windows systems, affecting systems worldwide in the travel, healthcare, finance, and telecommunications firms, according to published reports.
At this time, Trustwave’s internal investigation is underway and Trustwave services are not impacted by the outages caused by CrowdStrike’s update. However, several clients have been affected. As their trusted cybersecurity partner, our teams are monitoring these situations and ensuring our clients remain safe during the recovery process.
CrowdStrike reported the issue was not due to a cyberattack or security incident but was caused by a defect found in a single content update for CrowdStrike Falcon affecting only Windows hosts. Mac and Linux hosts are not impacted. The issue has been identified, isolated and a fix has been deployed, but those impacted have reported receiving the Blue Screen of Death, CrowdStrike said.
Trustwave recommends impacted organizations take the steps CrowdStrike has provided as a workaround to resolve the BSOD issue on affected machines:
- Boot Windows into Safe Mode or the Windows Recovery Environment.
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
- Locate the file matching ‘C-0000029*.sys’ and delete it.
- Boot the host normally.
Be aware of attempted phishing attempts that may utilize the recent incident and ensure you're communicating with CrowdStrike through official channels.
Trustwave will continue to monitor this developing situation, and we remain on standby for our clients and to provide further feedback on these steps if more information becomes available.
