Global computer outage after CrowdStrike update

There are several media reports of a global computer outage following an update from cybersecurity company CrowdStrike. Windows computers in particular show a 'Blue Screen of Death' (BSOD), which prevents them from starting up.

What is going on?

The most recent update of the CrowdStrike agent causes a Blue Screen of Death (BSOD).
CrowdStrike acknowledges the issues and is currently investigating how to resolve them.
No patch has been made available at this time. However, CrowdStrike has made a workaround available, which we share below under the recommended actions.

The National Cyber Security Center (NCSC) has confirmed that the workaround provided by CrowdStrike works. The workaround is very labor-intensive and must be carried out on each system individually. The NCSC currently has no indication that the situation is the result of actions by malicious parties.

What can you do?

If you have not yet installed the latest update to the CrowdStrike agent, we recommend that you do not do so until a verified solution is available. If systems are stuck in a crash loop, it is advisable to take the following steps to intervene manually:

1. Boot Windows into Safe Mode.
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory in Explorer.
3. Locate the file “C-00000291-00000000-00000032.sys”, right-click it and rename it to “C-00000291-00000000-00000032.renamed” (the version may differ on your host).
4. Boot the host.
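
The rename step above can also be done from an elevated PowerShell prompt in Safe Mode. The script below is an added example, not tooling from CrowdStrike, the NCSC or the DTC. The wildcard pattern is an assumption derived from the file name above (because the version part may differ per host), and the default directory assumes Windows is installed under %SystemRoot%.

```powershell
# Added example: renames the CrowdStrike file named in the workaround.
# Run with -WhatIf first to see what would be renamed without changing anything.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: the directory from step 2, resolved via %SystemRoot%.
    [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers\CrowdStrike'),
    # Assumption: match on the fixed prefix, since the version suffix may differ per host.
    [string]$Pattern = 'C-00000291-*.sys'
)

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Error "Directory not found: $DriverDir"
    exit 1
}

# Collect only regular files that match the pattern.
$files = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File)
if ($files.Count -eq 0) {
    Write-Output "No file matching $Pattern in $DriverDir; nothing to rename."
    exit 0
}

foreach ($file in $files) {
    # C-00000291-xxxxxxxx-xxxxxxxx.sys -> C-00000291-xxxxxxxx-xxxxxxxx.renamed
    $newName = [System.IO.Path]::ChangeExtension($file.Name, '.renamed')
    $target  = Join-Path $DriverDir $newName

    # Do not overwrite a file left behind by an earlier attempt.
    if (Test-Path -LiteralPath $target) {
        Write-Warning "Skipping $($file.Name): $newName already exists."
        continue
    }

    if ($PSCmdlet.ShouldProcess($file.FullName, "Rename to $newName")) {
        Rename-Item -LiteralPath $file.FullName -NewName $newName
        Write-Output "Renamed $($file.Name) -> $newName"
    }
}
```

After the script reports the rename, boot the host as in step 4.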

Not sure how to apply this workaround? Then ask your IT service provider for help in carrying out the workaround. The Digital Trust Center (DTC) advises you to follow the NCSC reporting for the latest news.  

Severe Vulnerabilities in Cisco Secure Email Gateway

Two vulnerabilities have been fixed in Cisco Secure Email Gateway. This Cisco environment is intended to protect a user's email in the cloud. The vulnerabilities are tracked as CVE-2024-20401 and CVE-2024-20429.

The Cisco vulnerabilities receive a CVSS score of 9.8 (CVE-2024-20401) and a CVSS score of 6.5 (CVE-2024-20429), and are rated 'High/High'. This means that both the chance of misuse and the chance of damage are high. So far, Cisco indicates that it is not aware of any exploitation of this vulnerability.

What's the risk?

The most critical vulnerability (CVE-2024-20401) allows an unauthenticated attacker who sends an email with a specially prepared (malicious) attachment to:

Add users with root rights;
Adjust the device configuration;
Run arbitrary code; and
Cause a permanent Denial of Service (DoS).

The second vulnerability (CVE-2024-20429) concerns a so-called 'Server-Side Template Injection'. This allows an authenticated attacker with 'operator' privileges to remotely execute code with root privileges on the underlying system.

What can I do?

Cisco has released software updates for CVE-2024-20401 and CVE-2024-20429 to address the vulnerabilities. The Digital Trust Center (DTC) recommends implementing the mitigation measures as soon as possible. If necessary, ask your IT service provider to help you with this.

Emergency maintenance Microsoft Teams Direct Routing

Maintenance will be carried out on Microsoft Teams Direct Routing between Thursday, July 18, 2024 at 11:00 PM and Friday, July 19, 2024 at 1:00 AM. Configuration work is carried out during this maintenance. During maintenance, active Teams conversations may experience a brief interruption

Emergency maintenance HIP Reporter and KPN EEN Call Reporting

On Thursday, July 18, 2024, maintenance will be carried out on HIP Reporter and KPN EEN Call Reporting between 3:00 AM and 5:00 AM. The portals may be less accessible during maintenance. No impact is expected on the collection of call data.

Maintenance Colocation AM7 suite Z3C

On Wednesday, August 28, 2024, maintenance will be carried out on the electrical infrastructure of Colocation AM7 suite Z3C between 11:00 PM and 5:00 AM. During maintenance there is a power outage to all ¼ cabinets in suite Z3C. Engineers check the

Telephony platform maintenance (ASB10)

On Monday, July 22, 2024, maintenance will be carried out on the telephony platform (ASB10) between 10:00 PM and 11:00 PM. During this maintenance, configuration work will be carried out on the ASB10. No impact on the availability of the platform is expected. Engineers monitor

Telephony platform maintenance

Work will be carried out on the telephony platform between Monday, July 29, 2024, 11:00 PM and Tuesday, July 30, 2024, 1:00 AM. Certificates are replaced during this maintenance. KPN Een end users who connect to the telephony platform with TLS encryption can temporarily

Emergency maintenance Telephony platform

Maintenance will be carried out on the telephony platform on Monday, July 15, 2024 between 11:00 PM and 11:59 PM. Configuration work is carried out during this maintenance. No impact on the availability of the platform is expected. Engineers monitor the platform