Global Windows Crash
firstly- how to repair – from Russian experts!!!
1. Restart Windows and boot into Safe mode
2. Open a command prompt
3. Go to C:\Windows\System32\drivers\CrowdStrike
4. Locate the file matching “C-00000291* sys”, and delete it.
[or Rename the file CSAgent.sys to something else, eg. donotcrash.sys]
5. Continue normal startup
)))))))))) no need any thanks!
Now what happens!
The failure was caused by an update to the protection system from the American company CrowdStrike.
A global technical glitch has been caused with CrowdStrike protection systems installed. The CrowdStrike Falcon Sensor is a security system that blocks cyberattacks.
You can solve the problem by putting computers in safe mode and removing certain software components. However, this must be done manually, which is a challenge for large companies with tens of thousands of computers.
The failure has occurred on computers used by airline office workers to check in passengers, baggage, and cargo. At the moment, it does not affect flight safety.
However, indirect consequences are already happening for Russians. It is impossible to arrange connecting flights, and some airports on popular holiday destinations are currently closed, leading to significant delays in air travel for Russians.Crowdstrike Falcon is a security solution used by companies and can be installed on work laptops. It is an enterprise-level solution.
At this point, it is difficult to determine how long it will take to resolve the issue, as the challenge lies in the fact that, if such a problem arises, each device needs to be manually restarted in safe mode. This cannot be done using controls. This is a serious issue that has impacted numerous processes, including those in critical infrastructure.
Most companies have included an upgrade failure in their risk model and have provided for a rollback to the previous version as a backup measure, which is likely what victims will do.
Microsoft disconnected most Russian companies from Azure a year ago as part of sanctions, so this should not impact Russia. Companies using Azure through other countries may be impacted and will respond based on their recovery plans.Despite the fact that the CrowdStrike issue causes crashes specifically on Windows, it can also have other consequences. Due to Windows being a very popular operating system, and CrowdStrike being a major cybersecurity company, many businesses and services are experiencing outages as a result of their computers not functioning properly.
The issue can only be resolved through manual actions on affected machines, which must be performed by administrators serving affected organizations. This is the second time in a row that a problem with the Falcon Sensor has occurred: at the end of June, there was a similar issue with high CPU utilization after installing an update to the memory scan module.
CrowdStrike software is widely used around the world, but the company does not operate in Russia, so there may be a smaller number of devices using this software in that country.Cloud services, despite their many advantages such as innovation, flexibility, and high level of support, also come with risks compared to on-premise solutions. Organizations using cloud solutions may face unexpected changes in the configuration of the service, which can lead to risks they may not be able to manage.
The incident is currently under investigation, and it is still unclear what caused it. It could be due to errors during software updates, which could be the result of human error or problems with QA testing during the update process.Other cyber threats, such as insider hacking, could also be a cause. External cyberattacks are another possible cause of the failure, as hackers gain access to source code and introduce malicious components that activate under certain conditions. This is a more complex process that requires a high level of skill and time, but the risk of successful completion remains high. Complex cyberattacks on service providers or targeted attacks on critical industries can also affect the software’s operation. Given that disruptions have affected the transport sector, hacker groups may be behind the attack in order to destabilize critical infrastructures. Airlines, airports, and international carriers are all attractive targets for those seeking to cause maximum damage.