Date: 2024-07-19

This Friday, a global computer crash was caused by an update to the Falcon program from CrowdStrike, a cybersecurity provider. An incompatibility in this software has caused the Windows operating system, the most used in the world, to stop working correctly and to drag down other programs with it. Microsoft sources say that the update has been withdrawn by CrowdStrike. The cybersecurity company has circulated among its clients a short guide that explains how to resolve the incident. Experts say that it can be patched without much difficulty, but manually, until vendors are able to find external, automatic solutions.

The trigger for the failure, an update to one of the most powerful antivirus programs on the market, common among large corporations, has caused computers around the world to boot up with the dreaded “Blue Screen of Death” that Windows displays when something breaks. Users have to delete the file containing the latest Falcon update, because it is incompatible with Windows. “The procedure is manual and can be resolved case by case in each company or computer system, which is costly and complex, but can be done as an emergency measure in minutes,” says Martín Piqueras, professor at OBS Business School and Gartner expert.

The National Institute of Cybersecurity (Incibe) has explained in a note that the update of CrowdStrike components is causing blue screen loops, and recommends not running the update, if you have not already done so, until a verified solution is available. “For systems that already fail, some are restarted to a normal operating state and it is considered that they should choose the new file of the component that does not cause problems over the one that causes problems. Some systems simply fail in a loop and may require manual intervention,” explains Incibe. These would be the steps to follow:

1. Start Windows in Safe Mode or Windows Recovery Environment mode.
2. Access the directory C:\Windows\System32\drivers\CrowdStrike.
3. Locate the C-00000291*.sys file and delete it.
4. Start the device normally.
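The deletion step above, written as a script that does a dry run before removing anything. This is an added example, not code from Incibe, CrowdStrike or Microsoft; it assumes an elevated PowerShell session in Safe Mode and the C: directory given in the steps, and the function name is hypothetical.

```powershell
# Added example (not vendor code). Function name is hypothetical;
# directory and file pattern are the ones given in the steps above.
function Remove-FaultyFalconFile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$Directory = 'C:\Windows\System32\drivers\CrowdStrike',
        [string]$Pattern   = 'C-00000291*.sys'
    )

    # Stop early if the directory is absent (wrong drive, or Falcon not installed).
    if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
        Write-Warning "Directory not found: $Directory"
        return
    }

    # Match only files with the stated pattern; -Force includes hidden files.
    $targets = @(Get-ChildItem -LiteralPath $Directory -Filter $Pattern -File -Force)
    if ($targets.Count -eq 0) {
        Write-Output "No file matching $Pattern in $Directory; nothing to do."
        return
    }

    foreach ($file in $targets) {
        # Hash the file before deletion so the change can be audited later.
        $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

        # ShouldProcess honours -WhatIf and -Confirm, so a dry run deletes nothing.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
            Remove-Item -LiteralPath $file.FullName -Force
            [pscustomobject]@{
                Path             = $file.FullName
                LastWriteTimeUtc = $file.LastWriteTimeUtc
                Sha256           = $hash
                Removed          = -not (Test-Path -LiteralPath $file.FullName)
            }
        }
    }
}

# Dry run: prints what would be deleted and changes nothing.
Remove-FaultyFalconFile -WhatIf

# After reviewing the dry run, delete for real and keep the returned record:
# Remove-FaultyFalconFile -Confirm:$false
```

Only files matching the stated pattern are touched; everything else in the directory is left in place.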

“What we are seeing today is that one of these tools designed to protect computers (Falcon, from CrowdStrike) is interpreting that good Microsoft programs are malware, a threat to computers, and is therefore preventing companies from operating normally. This is due to an error in the configuration of the tool generated by the manufacturer itself,” explains Piqueras.

“It would be normal for Microsoft and CrowdStrike to deliver an automated solution within a few hours that would allow services to be fully restored,” he says, “although companies would then have to deal with any missing services or issues, which could take longer.”

