CERT-In issues warning: CrowdStrike Falcon Sensor update causes critical Windows system failures

RBI says that the critical systems of most banks are not in the cloud.

New Delhi: The Indian Computer Emergency Response Team (CERT-In) has issued an advisory, CIAD-2024-0035, addressing a severe outage impacting Microsoft Windows systems.

According to CERT, this disruption is linked to the recent update of the CrowdStrike agent, Falcon Sensor, which has caused affected systems to experience crashes and the notorious “Blue Screen of Death” (BSOD).

Recent reports have indicated that Windows hosts equipped with the CrowdStrike Falcon Sensor are encountering stability issues due to the latest update of the product.

This update has led to widespread outages and system crashes, rendering many Windows hosts inoperable and displaying the BSOD.

To mitigate these issues, the CrowdStrike team has reverted the changes made in the recent update. However, if hosts are still crashing and cannot stay online long enough to receive the necessary Channel File Changes, CERT-In recommends the following steps:

1. First, boot Windows into Safe Mode or the Windows Recovery Environment.
2. Next, navigate to the directory C:\Windows\System32\drivers\CrowdStrike and locate the file matching the pattern “C-00000291*.sys”.
3. Once identified, delete the file. Finally, reboot the host normally.

Users are also advised to check for the latest updates and further instructions on the CrowdStrike Support Portal.
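
The steps above as a PowerShell script for a host already booted into Safe Mode (an added example, not part of the CERT-In advisory or CrowdStrike's own guidance). It goes one step beyond the advisory by recording each matching file's name, size, timestamp and SHA-256 before deleting it; the parameter names and the record path are assumptions.

```powershell
# Added example: run from an elevated PowerShell session in Safe Mode.
param(
    # Directory and file pattern as given in the advisory.
    [string]$DriverDir  = 'C:\Windows\System32\drivers\CrowdStrike',
    [string]$Pattern    = 'C-00000291*.sys',
    # Hypothetical location for the removal record (assumption).
    [string]$RecordPath = "$env:SystemDrive\channel-file-removal.csv"
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $DriverDir)) {
    Write-Output "Directory not found: $DriverDir. Nothing to do on this host."
    return
}

# Step 2: locate the file(s) matching the advisory's pattern.
$channelFiles = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File)
if ($channelFiles.Count -eq 0) {
    Write-Output "No file matching $Pattern in $DriverDir. Nothing to delete."
    return
}

# Keep a record of exactly what is removed, for the incident log.
$channelFiles | ForEach-Object {
    [pscustomobject]@{
        Host             = $env:COMPUTERNAME
        Name             = $_.Name
        Length           = $_.Length
        LastWriteTimeUtc = $_.LastWriteTimeUtc.ToString('o')
        Sha256           = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
} | Export-Csv -LiteralPath $RecordPath -NoTypeInformation -Append

# Step 3: delete only the matched files, then confirm none remain.
$channelFiles | Remove-Item -Force

$remaining = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File)
if ($remaining.Count -gt 0) {
    throw "Still present after deletion: $($remaining.Name -join ', ')"
}

Write-Output "Removed $($channelFiles.Count) file(s); record written to $RecordPath."
Write-Output 'Reboot the host normally.'
```

In the Windows Recovery Environment the system volume may be mounted under a different drive letter, so pass `-DriverDir` explicitly there if PowerShell is available.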

Union Minister for Information Technology Ashwini Vaishnaw assured that the Government was in touch with Microsoft.

“MEITY is in touch with Microsoft and its associates regarding the global outage. The reason for this outage has been identified and updates have been released to resolve the issue. CERT is issuing a technical advisory. The NIC network is not affected,” the Minister said.

Earlier on Friday, global software giant Microsoft said that an outage in its online services had affected customers across the world, including in India.

Microsoft Windows users reported facing ‘Blue Screen of Death’ errors, with many users taking to social media platform X to report the issue.

Meanwhile, in its latest update, Microsoft said, “Our services are still seeing continuous improvements while we continue to take mitigation actions. Multiple services are continuing to see improvements in availability as our mitigation actions progress.”

In the wake of the Microsoft outage, the Reserve Bank of India says that it has made an assessment of the impact of this outage on its Regulated Entities, which shows that only 10 banks and NBFCs had minor disruptions that have either been resolved or are being resolved.

RBI says that the critical systems of most banks are not in the cloud and further, only a few banks are using the CrowdStrike tool.

It further says that, overall, the Indian financial sector in the Reserve Bank’s domain remains insulated from the global outage.

The Reserve Bank issues an Advisory to its Regulated Entities to take necessary steps to remain alert and ensure operational resilience and continuity.