The failure of Crowd strike security software causing global chaos will be analysed by experts in Due Course.
In the immediate, it appears that there could be an failure in the Artificial intelligence based automated response which has generated a false alarm.
The appearance seems to be related to update issue. But probably it is a false report. Or the fault has been triggered in the updated version recognizing the update itself as an act of Cyber threat.
This should be a wakeup call for all those who think AI makes things more reliable. It was amusing to know that many airports are shifting to manual mode to tide over the crisis.
Workaround
One of the suggested work around is:
- Boot Windows into Safe Mode or the Windows Recovery Environment.
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
- Locate the file matching C-00000291*.sys and delete it.
- Boot the host normally.
Terrorists have been found to use a second bomb blast after some time in the same location to smoke out victims from the first blast and kill them with the second.
A similar risk could be there in this case. It is said that the workaround will disable some security features. Attackers may be planning to hit in this time window.
Organisations should be careful.
Naavi
