How to Fix the Crowdstrike Thing(twitter.com)
twitter.com
How to Fix the Crowdstrike Thing
https://twitter.com/vxunderground/status/1814280916887319023
20 comments
A test order randomizer could have caused a meta-QA-test to write the test-artifact-file over the actual build artifact file. If so, these meta tests were not supposed to run at this stage, but laziness prevails, and the same test runner looks to have been used for both the main and the meta QA tests.
"post-processing step" aka regex? :)
HN comments from a green username citing a friend who knows someone aren't the greatest source, but this sounds so believeable
HN comments from a green username citing a friend who knows someone aren't the greatest source, but this sounds so believeable
To save everyone going to that abomination of a site:
vx-underground
@vxunderground
How to fix the Crowdstrike thing:
1. Boot Windows into safe mode
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Delete C-00000291*.sys
4. Repeat for every host in your enterprise network including remote workers
5. If you're using BitLocker jump off a bridge
vx-underground
@vxunderground
How to fix the Crowdstrike thing:
1. Boot Windows into safe mode
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Delete C-00000291*.sys
4. Repeat for every host in your enterprise network including remote workers
5. If you're using BitLocker jump off a bridge
Or if you actually kept track of these things: pull out the bitlocker recovery key, even if it's on an old USB at the back of a drawer. Ask How I Know
Reboot harder.
> Update as of 10:30 UTC on 19 July 2024: We have received reports of successful recovery from some customers attempting multiple Virtual Machine restart operations on affected Virtual Machines.
> We've received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage.
https://status.cloud.microsoft/
> Update as of 10:30 UTC on 19 July 2024: We have received reports of successful recovery from some customers attempting multiple Virtual Machine restart operations on affected Virtual Machines.
> We've received feedback from customers that several reboots (as many as 15 have been reported) may be required, but overall feedback is that reboots are an effective troubleshooting step at this stage.
https://status.cloud.microsoft/
I'm not the one to bash Microsoft "just because", but this "up to 15 reboots" thingy reminds me that MS most likely doesn't know what's going on in their own damn OS anymore.
Related picture - not long ago such a message would've been completely unacceptable, yet here we are.
https://i.imgur.com/4rQLcb7.png
Related picture - not long ago such a message would've been completely unacceptable, yet here we are.
https://i.imgur.com/4rQLcb7.png
sounds like a race condition that you have a fair chance of recreating after 15 reboots?
Any indication that this might work for physical computers?
Worked for me. Working for a few or my colleagues. Reboot again and again.
My physical workstation (a Precision laptop) was affected and a single reboot fixed it. Most of my colleagues weren’t as lucky.
I think I'm well past 15 on my laptop now. My desktop was unaffected, but I reach over and click restart every once in a while to see if something different happens.
Sounds like a race condition that some systems hot and others don't
[deleted]
Bitlocker instructions in a reply, direct link if you don't have a Twitter account: https://twitter.com/Syndikalist/status/1814281141265846772
Well, don't use windows but if you can bypass Bitlocker to modify a kernel extension it seems like you could just bypass Bitlocker to install a keylogger / whatever?
With the utility of in a shared computer environment (say school library) you can get the administrative password with enough time.
With the utility of in a shared computer environment (say school library) you can get the administrative password with enough time.
[deleted]
Their test setup was fine for the update data itself, it's just that they didn't catch it before it was sent out to production because they were testing the wrong thing. Oops.