CrowdStrike confirms Macs are 'not impacted' by a global outage impacting airlines, banks, and more — and a fix is on the way

[iMore.com]

CrowdStrike, the company whose update has brought airlines, banks, and other industries to their knees via a global PC outage, says Macs are unaffected and that a fix "has been deployed."

CrowdStrike confirms Macs are 'not impacted' by a global outage impacting airlines, banks, and more — and a fix is on the way : Read more

 

[FFR]

Sucks to be a windows user

 

[EdwinG]

Sucks to be an ICT employee today. I feel for the Service Desk Technologists and Systems Administrators that will need to do some cleanup after this.

CrowdStrike will need to do an RCA and ensure this doesn’t happen again.

Even if it’s not Microsoft’s direct fault, I hope Microsoft prohibits kernel-level modules from being loaded in the future, but that’s going to take time if they do that - like 5-15 years easily.

 

[FFR]

I wonder how many Enterprises will be switching to the mac

 

[Just_Me_D]

I wonder how many Enterprises will be switching to the mac

Companies, in my opinion, have been switching to Macs for quite some time. Having said that, it’s going to take several more outages like this to get big companies to set the money aside to switch completely over.

 

[FFR]

Companies, in my opinion, have been switching to Macs for quite some time. Having said that, it’s going to take several more outages like this to get big companies to set the money aside to switch completely over.

True, but if you remember it took a massive blackberry outage to kill the brand in the enterprise.

And this is a massive outage for Microsoft.

 

[Just_Me_D]

True, but if you remember it took a massive blackberry outage to kill the brand in the enterprise.

And this is a massive outage for Microsoft.

From what I gather, Windows users who do not have their system set to auto-update are not affected — at least that’s what I’m being told.

 

[FFR]

From what I gather, Windows users who do not have their system set to auto-update are not affected — at least that’s what I’m being told.

Could be, but I have never seen this happen to Microsoft at this scale. Uk, Germany, France, Australia have all been affected.

 

[FFR]

Sucks to be an ICT employee today. I feel for the Service Desk Technologists and Systems Administrators that will need to do some cleanup after this.

CrowdStrike will need to do an RCA and ensure this doesn’t happen again.

Even if it’s not Microsoft’s direct fault, I hope Microsoft prohibits kernel-level modules from being loaded in the future, but that’s going to take time if they do that - like 5-15 years easily.

Didn’t Microsoft push out the update? That’s pretty much a direct fault.

From what I gather, Windows users who do not have their system set to auto-update are not affected — at least that’s what I’m being told.

It’s being reported a billion users are affected globally out of 1.4 billion windows users. That’s a more than a significant outage.

 

[EdwinG]

From what I gather, Windows users who do not have their system set to auto-update are not affected — at least that’s what I’m being told.

It’s not a Windows update that caused it, but a content update for CrowdStrike’s EDR software. That software is also available for Macintosh and Linux systems, and it is usually installed for entreprises using CrowdStrike. Oh, and the updates, a user can’t disable them; only a security systems administrator can.

The resulting impact would be identical should a defective update have been made available for those systems. A pure kernel panic on boot.

Apple has improved their kernel module handling, but AFAIK it’s not 100% there yet. So, until the OS developers fully prohibit kernel-level modules, it’s going to occur again.

Statement on Falcon Content Update for Windows Hosts - crowdstrike.com

www.crowdstrike.com

 

[EdwinG]

Didn’t Microsoft push out the update? That’s pretty much a direct fault.

As I posted, no they did not. It’s a different company altogether, CrowdStrike.

If the system is not running CrowdStrike Falcon Sensor on a Windows operating system, it’s not going to have this specific issue.

It can also affect macOS and Linux in the same manner, because guess what, CrowdStrike Falcon Sensor is also available for those two series of operating systems.

 

[FFR]

It’s not a Windows update that caused it, but a content update for CrowdStrike’s EDR software. That software is also available for Macintosh and Linux systems, and it is usually installed for entreprises using CrowdStrike. Oh, and the updates, a user can’t disable them; only a security systems administrator can.

The resulting impact would be identical should a defective update have been made available for those systems. A pure kernel panic on boot.

Apple has improved their kernel module handling, but AFAIK it’s not 100% there yet. So, until the OS developers fully prohibit kernel-level modules, it’s going to occur again.

Statement on Falcon Content Update for Windows Hosts - crowdstrike.com

www.crowdstrike.com

No one said it was a windows update.

Microsoft pushed out the update, that’s what’s being reported.

The solution that is currently being presented was to boot into safe mode, locate a file delete and reboot, that doesnt require a security system admin.

Of and the Mac wasn’t affected, it’s right there on the title to the thread

 

[FFR]

As I posted, no they did not. It’s a different company altogether, CrowdStrike.

If the system is not running CrowdStrike Falcon Sensor on a Windows operating system, it’s not going to have this specific issue.

It can also affect macOS and Linux in the same manner, because guess what, CrowdStrike Falcon Sensor is also available for those two series of operating systems.

As I posted earlier, Microsoft pushed the update , to windows users not crowd strike.

And the Mac is not affected, see title of the thread.

 

[EdwinG]

No one said it was a windows update.

Microsoft pushed out the update, that’s what’s being reported.

NO!

That’s not what happened. Microsoft didn’t push out that software update. It’s NOT Microsoft software.

CrowdStrike pushed out an update using THEIR update mechanism: https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/

The solution that is currently being presented was to boot into safe mode, locate a file delete and reboot, that doesnt require a security system admin.

I said: “the updates, a user can’t disable them; only a security systems administrator can” That’s because update configuration are managed in a central console server.

A systems administrator can reboot and remove the affected file per CrowdStrike’s instructions because:

1. The updated has been rolled back
2. This is a local action. It does not disable updates.

The software will update upon reboot.

Of and the Mac wasn’t affected, it’s right there on the title to the thread

I know! And that’s because we were lucky. I’m stating that the macOS and Linux operating systems are AS vulnerable to this situation AS Windows.

 

[FFR]

NO!

That’s not what happened. Microsoft didn’t push out that software update. It’s NOT Microsoft software.

CrowdStrike pushed out an update using THEIR update mechanism: https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/


I said: “the updates, a user can’t disable them; only a security systems administrator can” That’s because update configuration are managed in a central console server.

A systems administrator can reboot and remove the affected file per CrowdStrike’s instructions because:

1. The updated has been rolled back
2. This is a local action. It does not disable updates.

The software will update upon reboot.

I know! And that’s because we were lucky. I’m stating that the macOS and Linux operating systems are AS vulnerable to this AS Windows.

“The Microsoft Outage”
“The Microsoft Outage, biggest in IT history”

Macs unaffected.