Microsoft confirms CrowdStrike update also hit Windows 365 PCs
Microsoft says a faulty CrowdStrike Falcon update, which caused widespread outages by crashing Windows systems worldwide, also resulted in Windows 365 Cloud PCs getting stuck in reboot loops, rendering them unusable.
"We have been made aware of an issue impacting Virtual Machines running Windows Client and Windows Server, running the CrowdStrike Falcon agent, which may encounter a bug check (BSOD) and get stuck in a restarting state," Microsoft said on its Service Health Status page.
"We approximate impact started around 19:00 UTC on the 18th of July. Additional details from CrowdStrike are available here."
For Windows devices affected by the faulty CrowdStrike update, the security firm provided instructions on rebooting Windows devices into Safe Mode or the Recovery Environment and manually removing the problematic kernel driver.
However, recovery is more limited or time-consuming for Windows 365 Cloud PCs that have CrowdStrike installed. This is because Windows 365 Cloud PCs are virtual machines running in the cloud and do not offer access to these recovery options.
For Windows 365 Cloud PCs, Microsoft recommends restarting the affected VMs (as many as 15 times) via the Azure Portal. This troubleshooting step proved effective for some Windows admins when trying to recover from these reboot loops, according to Microsoft.
Alternatively, customers can restore from an Azure Backup before 19:00 UTC on July 18th, with the risk of possibly losing data created after the backup.
As a last resort, customers can use the Azure CLI or Azure Shell to repair the OS disks offline by deleting the Windows/System/System32/Drivers/CrowdStrike/C00000291*.sys file, and reattaching the original VM.
"Customers that are continuing to experience issues should reach out to CrowdStrike for additional assistance," the company said on the Azure status page.
"Additionally, we're continuing to investigate additional mitigation options for customers and will share more information as it becomes known."
As BleepingComputer reported yesterday, a defective component in a CrowdStrike Falcon update triggered widespread outages on Friday, crashing Windows systems with blue screen of death (BSOD) errors.
These outages impacted many organizations and services worldwide, including banks, airlines, airports, TV stations, and hospitals, taking offline entire companies and fleets of hundreds of thousands of devices.
George Kurtz, CrowdStrike's President and CEO, said the company was "actively working with customers" and confirmed that the ongoing issues were caused "by a defect found in a single content update for Windows hosts." Kurtz also warned customers to ensure "they're communicating with CrowdStrike representatives through official channels."
Unfortunately, despite providing workarounds and deploying a fix on Windows hosts caught in crashing loops, companies will likely have to deal with the effects for a while, given that applying the workaround for CrowdStrike's glitched update cannot be automated at scale.
On Thursday evening, an Azure configuration change also caused a major Microsoft 365 outage, which, according to Microsoft, prevented customers across the Central US region from accessing various Microsoft 365 apps and services.
The Microsoft 365 outage impacted services such as Microsoft Defender, Intune, Teams, PowerBI, Fabric, OneNote, OneDrive for Business, SharePoint Online, Windows 365, Viva Engage, Microsoft Purview, and the Microsoft 365 admin center. Xbox Support also confirmed that the issue affected the Xbox Live service, saying gamers had problems logging into their accounts.
Although Microsoft applied mitigation measures that brought most affected apps and services back online, some customers still experience issues accessing and using services like Microsoft Teams and the Microsoft 365 admin center.
source: BleepingComputer
Free security scan for your website
Top News:
Massive PSAUX ransomware attack targets 22,000 CyberPanel instances
October 30, 2024Microsoft SharePoint RCE bug exploited to breach corporate network
November 2, 2024