Blue Screen of Death (BSOD) | CrowdStrike’s Mistake: Inside the Microsoft Outage | Must Watch
Summary
TLDR: The video discusses a significant Microsoft outage caused by an update from cybersecurity partner CrowdStrike, leading to the infamous 'Blue Screen of Death' on Windows systems globally. The incident affected various sectors, including airlines, banking, and stock exchanges. The CEO of CrowdStrike clarified it was not a cyber attack but an issue with an untested update. A workaround was provided, and an official fix was deployed to restore normal operations, highlighting the importance of network security and testing in software updates.
Takeaways
- 😀 A recent Microsoft outage affected global systems, causing disruptions in various sectors including flights, hospitals, and stock exchanges.
- 🔍 The outage was associated with the 'Blue Screen of Death' (BSOD), an error state on Windows systems.
- 🤔 The root cause of the outage was traced to changes made by cybersecurity company CrowdStrike, which has a partnership with Microsoft.
- 🛡️ CrowdStrike specializes in endpoint protection, securing devices like PCs, servers, and mobile phones against malware and cyber threats.
- 📈 The company was founded by George Kurtz in 2011 and is known for its endpoint security products like Falcon, Falcon X, and Falcon OverWatch.
- 🛑 The specific product update from CrowdStrike, presumably the Falcon endpoint product, may not have been adequately tested on Windows machines before deployment.
- 👨‍💼 CrowdStrike's CEO, George Kurtz, clarified that the issue was not a cyber attack but a defect in a software update.
- 🆘 Immediate workarounds were suggested, such as booting Windows in safe mode and deleting specific CrowdStrike files to resolve the BSOD.
- 🌐 The incident sparked widespread discussions and concerns across social media and news platforms about the impact of the outage.
- 🔄 The official fix was deployed to rectify the issue, and customers were referred to the support portal for the latest updates.
- 📢 CrowdStrike emphasized communication through official channels and assured full mobilization to ensure security and stability for their customers.
Q & A
What was the main topic of the session discussed in the transcript?
- The main topic of the session was the recent Microsoft outage, its causes, and its widespread impact on various sectors such as flights, hospitals, and stock exchanges.
What is the 'Blue Screen of Death' (BSOD) mentioned in the transcript?
- The 'Blue Screen of Death' (BSOD) is an error screen that appears on Windows computers, indicating a critical system error. It was the manifestation of the Microsoft outage discussed in the session.
What is CrowdStrike, and what is its relationship with Microsoft?
- CrowdStrike is a leading cybersecurity company specializing in endpoint protection. It has a partnership with Microsoft, managing the endpoint security solutions for Microsoft products globally.
What products does CrowdStrike offer for endpoint security?
- CrowdStrike offers three main products: Falcon Endpoint Protection, Falcon X, and Falcon OverWatch. These products provide next-generation antivirus, automated threat intelligence, and managed threat hunting services, respectively.
What was the suspected cause of the Microsoft outage according to the session?
- The suspected cause of the Microsoft outage was an update or changes made by CrowdStrike in their security portfolio, which was not properly tested on Windows machines before being pushed worldwide.
How did the CEO of CrowdStrike, George Kurtz, respond to the incident?
- George Kurtz clarified that the incident was not a cyber attack and that it was due to an issue found in a single content update in the Windows host. He mentioned that CrowdStrike was actively working with impacted customers and that a fix had been deployed.
What was the workaround provided for the BSOD issue caused by the CrowdStrike update?
- The workaround involved booting the Windows system in safe mode or recovery environment, navigating to the CrowdStrike directory, locating a specific file, and deleting it to resolve the issue.
What was the impact of the Microsoft outage on various industries as mentioned in the transcript?
- The Microsoft outage impacted various industries, including aviation with flight cancellations, hospitals with system disruptions, and the trading sector with stock exchanges being affected.
How did the session describe the role of network security professionals in such incidents?
- The session emphasized that network security professionals and engineers should be aware of such incidents, understand what happened, and stay informed about the market and security landscape to be prepared for such events.
What was the final message conveyed by the session regarding the Microsoft outage?
- The final message was that the issue was resolved with a fix deployed, and the session provided insights into the importance of proper testing and the role of endpoint security in preventing such widespread outages.
Outlines
💻 Microsoft Outage and the Blue Screen of Death
The first paragraph introduces the topic of a recent Microsoft outage, emphasizing its significance due to its widespread impact on various sectors, including flight cancellations, hospital systems, and stock exchanges. The speaker, presumably a network security professional, highlights the importance of understanding such events. The cause of the outage is attributed to the 'Blue Screen of Death' (BSOD), a critical error that occurred due to an update from CrowdStrike, a cybersecurity company partnered with Microsoft. The paragraph also provides a brief explanation of what CrowdStrike does and its role in endpoint security.
🛡️ CrowdStrike's Role in Endpoint Security and the Outage
This paragraph delves into the role of CrowdStrike as a leading cybersecurity company, specializing in endpoint protection. It outlines the company's mission to protect digital assets and provide threat intelligence. The speaker discusses CrowdStrike's products, particularly Falcon, which offers next-generation antivirus and endpoint detection and response in a single platform. The paragraph also touches on the potential consequences of the recent update, which may have led to the Microsoft outage, affecting various Microsoft products globally.
📊 Impact of the Microsoft Outage and CrowdStrike's Response
The third paragraph discusses the widespread impact of the Microsoft outage, with specific mention of the CEO of CrowdStrike acknowledging the issue and clarifying that it was not a cyber attack but a defect in a single content update. The CEO's statement suggests that the problem was isolated to Windows hosts and that a fix was deployed. The paragraph also includes reactions from various sectors, such as airlines and banking services, and references to social media discussions and news articles about the incident.
🔄 Resolution and Workaround for the Microsoft Outage
The final paragraph provides insights into the resolution process for the Microsoft outage. It mentions a workaround solution involving the deletion of specific files related to the CrowdStrike Falcon product, which was suspected to be the cause of the BSOD. The paragraph also notes that while a workaround was provided, a permanent solution was expected to be applied later. It concludes with the speaker expressing hope that the information was useful and thanking the audience for their attention.
Keywords
💡Microsoft Outage
💡Network Security Professionals
💡Blue Screen of Death (BSOD)
💡CrowdStrike
💡Endpoint Protection
💡Falcon Endpoint
💡Falcon X
💡Falcon OverWatch
💡Zero-Day Attack
💡Workaround
Highlights
Session discusses a recent Microsoft outage affecting global systems.
Outage's impact includes flight cancellations, hospital disruptions, and stock exchange issues.
Microsoft products like Teams and Office are widely used and impacted by the outage.
The 'Blue Screen of Death' (BSOD) error is identified as the cause of the outage.
CrowdStrike, a cybersecurity company, is implicated in the outage due to an update.
CrowdStrike specializes in endpoint protection and has a partnership with Microsoft.
The company's products, Falcon, Falcon X, and Falcon OverWatch, are highlighted.
Falcon Endpoint Protection offers antivirus, EDR, and managed threat hunting.
Falcon X provides automated threat intelligence solutions.
Falcon OverWatch is a managed threat hunting service aimed at preventing breaches.
CEO George Kurtz of CrowdStrike addresses the incident, denying it as a cyber attack.
Kurtz confirms that only Windows hosts were impacted, not Mac or Linux.
A workaround for the BSOD involves deleting specific CrowdStrike files.
The incident has caused significant disruption across various sectors globally.
Social media and news outlets are flooded with discussions on the Microsoft outage.
The root cause is traced back to changes made by CrowdStrike in cybersecurity.
A permanent fix is deployed, and the issue is reportedly resolved.
The session concludes by emphasizing the importance of understanding such outages for network security professionals.
Transcripts
hello everyone welcome to the session
and today's session is very interesting
because we are going to discuss one of
the important key topic that is a recent
outage which happened today about uh
Microsoft outage right so why this is
very important uh because we all are
like talking about the network we all
are talking about the security and we
always connected with the Microsoft
product and these product are basically
Ally very popular in all over Globes so
being a network Security Professionals
or Engineers we should know what exactly
happen and what is going on in the
market and why there is lot of you know
cures available across the globe flights
are getting cancelled people are like uh
uh getting mass in the
hospitals uh like the trading sectors
are affected a lot of Stock Exchange has
been like affected due to that so many
organization Enterprise company also get
affected like PCS are not getting up uh
because of this particular outage so we
just have to know that so there's two
things we just have to understand one is
about the Microsoft that is one company
because we all know that what is a
Microsoft and what is the product of the
Microsoft like every laptop having the
Microsoft teams we have the Microsoft
Office and if those products are not
going to work then how basically you are
going to do any kind of the work
so the same thing happened today and
entire system was having some error and
that error was known as the very
important that is a BSOD what is a BSOD
that is the blue
screen like blue screen of death so
that's why we taken the blue screen as
well so let me show you how it is
exactly going to look like so if you
just go on the
Google and if I go
here and if I just type BSOD so it is
going to give such kind of the like you
can see this is the image so once you
have the any kind of the laptop or
desktop which have the Microsoft product
installed once you are going to start
your PC or might be reboot your PC you
just going to get this kind of the
images you can see just 7 hour ago 8
hour ago it was happened because today
morning and we are in the evening so
when I'm just recording this video so
that was happen and why it was that is
the most interesting thing this error
was happened because due to the latest
CrowdStrike attack uh that is not
correct word not attack that is the
update or changes so we already being
the uh networker security engineer we do
some kind Network changes so CrowdStrike
also makes some changes so what
is a CrowdStrike first you have to
understand so basically Microsoft having
the very good partnership with the CrowdStrike
it's a very uh famous
organization that is u uh available in
uh us and they have the very good uh
Global presence so the CrowdStrike is a
leading cyber security company and
basically it's specialized in the
endpoint protection so what is endpoint
protection like you have the PC you have
the any kind of the servers you have the
mobile phones any endpoint tablets so
that user are going to use to just do
any kind of the work being the you know
uh in office or being the home when they
doing any professional work so that is
the cloud ass to just protect those kind
of devices the CrowdStrike is leading in
the market based in the US and this
company was founded in 2011 by the
George Kurtz that is a actual founder of
this company and uh this is quite
popular but what happened today morning
they have done some changes in the
security portfolio that is the latest
update some people also making the
rumors it happened due to some kind of
Cyber attack and one of the biggest
cyber attacks but this is not confirmed
news till now so we can just think about
this was happened due to the As for the
official update due to the changes but
still this has been not fully recovered
still the work around has been applied
but they are just working for the just
restore this particular issue so the
CrowdStrike is the endpoint cyber
security company and they specialized to
just secure the you know infrastructure
to just any kind of the malicious and any
kind of the malware protections any kind
of the attacks and just still you know
uh your asset to be leak so this is
going to be protective the mission of
and vision of this company is just stop
the bridge of any your digital asset and
providing the superior production and
delivering instant insight into the
Cyber threats so that means they are
claiming or basically it having such
kind of the capability this product
having like Zscaler and this CrowdStrike
and other vendors are also
available in endpoint security they're
claiming they have the capability to
just catch the threats in zero day
attack so anything is going to happen in
malicious in a network they're going to
catch and they're going to kill or they
also going to provide the remediation
plan so that's their Vision to redefine
the security for the cloud era and also
for the platform which are the any kind
of the Enterprise Network and also they
are very committed to provide the
endpoint security threat intelligence
and proactive threat hunting so what is
the proactive threat hunting that means
Real Time Zero attack so in the cloud
threats uh if I talk about the cloud
little bit about the inside and
information which we just discussed an
incident that was happened today so this
is basically endpoint security we are
discussing and in this endpoint security
uh this company having a lot of product
so this company having a lot of product
likewise let me just write some kind of
product here so this company having the
product the first product is a
Falcon sorry
Falcon
endpoint protection
so this is one product so what is this
product is going to do so let me write
another product that is another product
is the Falcon X and third product is the
Falcon OverWatch so these are the three
popular product sorry I make the
spelling wrong so these are the three
products basically it was developed by
the CrowdStrike so let me write
here CrowdStrike
products okay so these are the three
products so what is a fall uh that
Falcon endpoint protection so this is
the first or you can say one of the
popular product that is the uh that that
also know the flagship product providing
the Next Generation antivirus so
basically if you want to just do the any
kind of antivirus protection if you want
to do any kind of the end point
detection so antivirus EDR that is a end
point detection and response and managed
threat hunting in a single platform so
basically if your laptop having any kind
of virus any kind of the endpoint detection
like any malicious uh things are going
to be happen they are going to do that
and also they keep hunting anything
happening abnormally in a laptop and
they're going to fix and they're going
to provide the remediation plan or
they're going to generate the alert so
this is the first product for the end
point then the next product is the Falcon X
this is the automated threat intelligence
solution so you can just think about we
have something in a cloud or might be
the automation environment who having
the threat intelligence solution that is
going to accelerate your investigation
and response time you just think about
the kind of the sandbox so this is going
to automatically monitor whatever the
transition is going to happen for your
system whatever the file you are going
to upload download this all are going to
be covered by this particular uh Falcon
X and they're going to provide the
realtime threat analysis and they're
going to also provide some kind of
solution for the zero day so this is
the sandbox you can think about it so
I'm just talking in this short so you
can understand about the products and
the third one is the Falcon OverWatch
so what is the Falcon OverWatch so this
is the managed threat hunting service
that proactively search for the threat
in the stop breaches so it's again kind
of the Falcon X but just it is just
related to the produc ability is going
to search the threats and stop the data
breach if anything is going to happen so
entirely the all three products are
going to be available for the endpoint
Security in the different different
format so basically endpoint protection
basically antivirus and EDR that is a
one thing and if you want to just do the
real time research about the threats and
you want to Bri their data and you want
to you want to do the zero day uh like
the analysis then probably you have to
use these two products so this is about
the CrowdStrike so this CrowdStrike
having the very good partnership This
CrowdStrike having the very good
partnership with the Microsoft and due
to this partnership the CrowdStrike is
just managing all the Microsoft products
which is available in the globally for
the endpoint solution and they have made
some changes still not declared what
changes they have made basically they have
made some changes and due to that this
outage was happened so the root cause of
the outage was that that has been traced
till now that the changes has been done
in the cyber security company by the
cyber security CrowdStrike and due to
that this has been triggered and the all
system was affected so I hope that has
been clear to everyone and this
Microsoft basically experienced the outage
that is the not only the end point which
are in the physical world that also in
the Outlook Teams Azure environment so
all region where the Microsoft having
the full uh kind of the flagship program
and the revenue and the customer that
all are going to be impacted okay and
that was that there's a huge loss all
right so let me show you something so if
I just open one of the Tweet uh from the
very uh let me go here I just open this
tweet uh let me show you something so
this tweet was this this is the this is
actually uh CEO and the founder of this
company George so he is talking CrowdStrike
is actively working with the
customer impacted by the I know defect
found in the single content update in
the window host so he's just simply
mentioning like they are working Mac and
Linux host are not impacted only
impacted host or the window so if you
have the mac and Linux is still you the
safe this is not a security incident or
the Cyber attack so he clear clarifying
that this is not a cyber security
incident or Cyber attack uh this is kind
of the we can say could be the just uh
how can I say what the appropriate work
word so he might be trying to defend
there is no Cyber attack because if he
is going to claim uh there is Cyber
attack and being a cyber security
company if you are not going to be safe
then how you are going to promise other
company product it is going to be safe
so you just think about this I'm the
security professional and I just
employed in my house and uh I'm I'm
available but there still someone enter
in my home and do some kind of the
unauthorized things like they have just
done the thefts so that security
personal never going to accept it was
happen and I was available so he might
be find some excuses similarly this
George is trying to put this is not a
Cyber attack so he's just trying to uh
uh make some branding uh so that people
will not think think negative about this
CrowdStrike but this might be true
this might not be true because if you're
going search in the social media I just
went through multiple journals I went
through multiple news channels
international national many people are
talking about this is the Cyber attack
but he is not talking about Cyber attack
and he is talking the issue has been
identified isolated and fix has been
deployed so probably the fix has been
deployed this is the latest one and it
was 3 p.m. today we refer customer to
support portal that uh uh support portal
for the latest update will be the
continue to provide the complete and the
continuous update on our website we
further recommend organization ensure
they are communicating with the CrowdStrike
representative through the
official Channel our team is fully
mobilized to ensure the security in the
stability CrowdStrike customers so
somehow he is trying to put in a strong
position
where he is just confirming that was
happened due to the changes not a Cyber
attack but that could be the
investigation which is going to reveal
after some time because multiple things
happen in the past as well in the
similar kind of the stuff so he's
talking see he was just talking about
the was the Falcon agent update not
tested on the window machine prior to
the being pushed the worldwide so see
that's why I just talk about the
products so I mentioned about there are
multiple products so you can see Falcon
products so Falcon endpoint protection
this is the product which has been
pushed to the multiple but might be he
just pushing due to not tested prior
pushing to the realtime production
environment and it is the cause for this
particular outage so he is like har is
you know he's talking about that so if
you go and just talk about the uh lot of
discussion happening on the Tweet Crow I
broke our your business today but please
remember you you are the problem not us
we won't provide any helpful information
here remember so he's just trying lot of
things here but if you go and find in
some latest news as well latest article
so there are lot of articles are
available in the social media platform
or the news portal platform in India and
across the world they are talking about
the CrowdStrike and they are having a
lot of uh problem across the world
Airlines banking services and uh
exchange that is a Sans and other kind
of the trading exchange has been
completely disrupted by this particular
outage and the full story about this
Microsoft outage how the service came
into the standstill worldwide right and
when it get backed that kind of the
title you are going to find that but now
as for the CEO of the company he
confirmed that that has been resolved
but yes this was the reason that we
just discussed about that the the main
concept is what was happen is the BSOD
that is the blue screen of the death so
that was error happened and this was
happened due to the Falcon endpoint
deployment was happen across the globe
and he is talking might be not tested
and that was the reason the entire
machine was get affected but now it has
been recovered so let me show you some
other things so probably you can just
find and uh search a little bit about
that so if I go and just uh in Reddit uh
I just try to find something something
so if you just go here let me just copy
this is this link so here is you can see
lot of search is here so many window 10
machine blue screen struck so if you
just open you just going to find lot of
news you can see again here the BSOD
blue screen of death so you just go and
read about this so they are talking
about you can see here they are talking
about wondering if anyone else is seeing
this we suddenly had 2040 machine across
our Network blue screen almost
simultaneously edited this is like they
are talking about something something
and CrowdStrike you can see CrowdStrike
BSOD that the blue screen of
death due to the CrowdStrike I got two
separate organization in Australia
experiencing this this was happened uh
uh the workaround State they also
provided how you can fix it workaround
means the temporary solution the
permanent solution might be applied
later but they are talking about the
workaround solution as well boot uh
window in the safe mode or window
recovery environment navigate to this
particular folder you can see CrowdStrike
directory and locate this
particular file and delete it so if
you're going to do that your issue is
going to be fixed and boot host normally
this was the work around if you have the
issue you can just try and you can use
that so yes just start the 160 server
all are bsod so that server also got
impacted this is not going to be fun
evening so he is talking about like he's
in trouble and seriously being the
network and security engineer and if you
have kind of incident also I'm laughing
but that's that's very you know painful
for us so we should very you know in
difficult situation so we lost over the
960 instances in the data center you can
see and work across the globe loss the
recovery of the staff work ex going to
be insane he's talking now you know all
the called CrowdStrike so they all are
talking about the CrowdStrike put in
their Tech bulletin behind the support
login so basically nobody can see call
them this CrowdStrike and delete the
post so whatever the work on seeing the
us and 9:00 p.m. so if you see that in
the Google and uh let me show you a
little bit about one of the famous
YouTuber uh video one of the video as
well so a little bit you can just go and
research about that this is like the
first take person who launched this
particular update what was happen so
even you can just watch that so he's
talking about this BSOD CrowdStrike he's
talk he's going to talk about what was
happen due to this CrowdStrike so let
me so little
bit if I go
here so he he is just talking about the
how the machine you can see the realtime
airport situation you can see how how it
is happening so there is like the lot of
um people are on the airports and these
people are trying to book some kind of
tickets all is screen is blue you can
see all screen are the blue so how you
going to get the boarding pass how the
tickets is going to be like uh available
so this is all you can think about and
people are talking about a lot of thing
about this particular issues so main
reason we got it right so this is the
Falcon product which is the endpoint
security that was designed by the CrowdStrike
and due to that particular push
we are suspecting that was not properly
tested and due to that the entire globe I
can say Microsoft PC has been impacted
to just fix it we have the workaround
solution to delete the temporary assist
files which is available which I show
earlier or they just provided some
update and after providing that update
it has been fixed so I I hope this uh
content is useful for you and thanks for
watching this have a great day bye-bye
take care