Breaking news - huge outage/interruption created by CrowdStrike problem (July 2024)

An administrator (or a deploy script with administrative permissions) can install all manner of sensitive components. It’s how OS updates are done, and this product integrates a kernel mode driver file which is treated as part of the OS. This is really quite typical for endpoint protection software, because otherwise the security software wouldn’t have the privileges to examine everything happening in the system.

But if a legitimate update includes a defective kernel-mode driver file, you get this.

We’re seeing BSODs org-wide that are being caused by csagent.sys, and it’s taking down critical services.

So, I assume every IT department in the world will uninstall everything manufactured by this untrustworthy firm, choosing another security solution instead, and CrowdStrike Holdings Inc. will promptly go bankrupt, right?

Do you have some reason to believe the other security firm is any better?

Less snarky response: sometimes it is better to stay with the devil you know.

The coverage of an event is part of the breaking news but can certainly lead to a derailment so don’t stray too far.

No, actually, but perhaps another firm might test its updates before, you know, crashing the global economy and all? There’s a chance anyway.

No snark intended or taken, but do you think this particular firm should just be forgiven, no-harm-done-old-chap, and given another chance? I feel like the (flawed) mechanism of capitalism ought to punish them good and hard; let the next security software startup try just a tiny bit harder to get it right.

Or (serious question) had CrowdStrike, before this error, already proven themselves to be superior to all other security firms? I really have no idea.

As a poster I would add, you’re not looking in the right places. I woke up to the conspiracies before I knew what the story was.

This affected our work and, I am told, people were up fixing it since early in the morning. Our affected systems are back up and fortunately in my case, I always hibernate my laptop when I am done with my work, and experienced no issues when I used it recently to check systems.

As to whether CrowdStrike is better or worse, the reason our company switched to it was due to some level of reporting that was not available with our previous solution. More than one consideration goes into choosing a security solution.

//i\\

Hasn’t affected my work computer, files or e-mail.

You’d think! I don’t know how an update like this got out. I can have lots of sympathy for bugs that cause problems in some weird configuration that is only encountered once the update is on thousands of machines, but this seems like it is crashing everything.

Look at SolarWinds, though. They’re still around after flaws in their software caused massive security problems.

And really, with computer stuff, if you switch every time there is some major problem with a piece of software, you won’t have anything left to use.

I’m in the habit of pressing the button that enables “pause updates for 7 days”, because I long ago got tired of updates causing problems. Better to let them get tried out and fixed before they screw up my computer.

But last week I realized that button could be pressed repeatedly, extending the time period. So I’m good for the next few weeks while they get this sorted out.

The combination of big businesses who have lost money over this, coupled with lawyers, accountants and insurance companies, will no doubt do their best to make your point.

It may not result in this particular company going bankrupt, but there will be financial and business repercussions.

AFAIK, that delay feature only applies to Microsoft updates. This was an update to a third-party non-Microsoft product that, unless you’re a corporate user, you probably don’t use at all, but if you did use the product in question, probably wouldn’t have been stopped by that Windows Update feature.

Their stock price is down about 9 percent as of noon Eastern time, so there have been some repercussions already.

So, if my home and work computers are both working (as far as I can tell) just fine right now, do I need to worry about them crashing suddenly, or would it have already happened if it’s going to happen? Is there anything I should be doing to protect them, apart from obvious stuff like backing up recent files?

Couple of my co-workers’ laptops are bricked, and none of our remote management is working. The phone switches and muxes are still working, we just can’t get into them.

Good thing it’s Friday, and we don’t run any grooms or major changes on Fridays or Mondays.

The problem is with the security agent CrowdStrike Falcon and an update they released for that software agent, not a Microsoft Windows update. I highly doubt you have it installed on your home computer. For your work computer, it depends on if they use CrowdStrike.

Oh, good, thanks for the info! Since everything seems pretty much normal on my work computer, and we haven’t had any urgent e-mails from IT or anything, I’m guessing they don’t use it.

Moderating:

Mentioning the lack of a certain type of news report isn’t part of breaking news. It’s speculation. Please refrain from raising speculative issues in breaking news threads.

So what percentage of Windows users are actually affected by this? Is it like 1%, 10%?

Everyone has it at my work. It’s sounding like maybe 1 in 3 machines are affected (I’m one of the lucky ones, or unlucky depending on how you look at it.) The technology center is asking everyone to bring their laptop to them in person, and there’s a line around the block apparently. But it seems most people are getting their machines fixed rather quickly once they reach the head of the line.