Alert essentials:
A CrowdStrike Falcon endpoint update released yesterday is causing blue screens on Windows systems worldwide.

The CrowdStrike update has been corrected, and a workaround is available to access systems experiencing a bug check/blue screen error.



Detailed threat description:
A driver update for CrowdStrike Falcon endpoint deployed yesterday is negatively impacting Windows systems and causing a bug check/blue screen error on devices across the globe. A fix has been released, and a workaround is available.

CrowdStrike is working with clients, and its latest updates are available in the CrowdStrike support portal.

Below are use cases in which hosts are not expected to be impacted:

  • Hosts running Windows 7/2008 R2 are not impacted
  • This issue is not impacting Mac- or Linux-based hosts
  • Windows hosts that were offline and were brought online after 0527 UTC will also not be impacted

Impacts on healthcare organizations:
Outages are being reported in industries worldwide, spanning banking, grocery, transportation, and healthcare.

Some healthcare organizations are experiencing on-site outages due to affected vendor devices and SaaS (Software as a Service) solutions.

Reported SaaS outages include services such as Oncology and Radiology.

Healthcare-based impacts have been reported in the US, Australia, Croatia, Germany, Israel, and the Netherlands. This list is non-exhaustive and expected to continue growing.

It has also been reported that many systems require a reimage even after remediation steps are taken due to issues with disk encryption.

Affected products / versions:

  • Microsoft Windows

Recommendations

Engineering recommendations:

  • Boot Windows into Safe Mode with networking
  • Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  • Delete the file ‘C-0000029*.sys’
  • Boot the host normally
  • Apply the fixed CrowdStrike update

Fortified recommends applying patches and updates where possible and only after adequate testing in a development environment to ensure stability and compliance with organizational change management policies.

