During late July 2024, a CrowdStrike update to the Falcon Sensor caused a major issue on Windows operating systems. CrowdStrike has released a workaround for the issue.
In a nutshell, the workaround involves booting into Windows recovery mode, navigating to the CrowdStrike directory, deleting a .sys file, then updating again. While detailed steps can be found in the CrowdStrike workaround, it's best to leave this to a professional, as unexpected issues may occur, for example with BitLocker-encrypted drives.
Now, the purpose of this article is not to assign blame, get all emotional and pick up the pitchforks. The purpose of this article is to ask how we can all learn from this and prevent it from happening again in the future. Moving forward, as this outage is expected to cost the Australian economy billions of dollars, businesses should safeguard their assets by exploring options to test application updates before deploying them on their production systems. This can be achieved by setting up a sandbox environment.
By building a sandbox environment for testing application updates, system administrators will be able to test the updates before deploying them on business computer systems. Most of the time application updates cause no issues, but when they do, they can bring chaos to your business.
If I were to download and test new software, I would first download it in a sandbox environment. Personally, I use Windows Sandbox, as whatever happens in the sandbox stays in the sandbox, and when you leave the sandbox, it's completely destroyed.
Businesses may, however, need a more advanced sandbox. This can be achieved by creating a replica of the business systems in an isolated virtual computer network hosted on Hyper-V or VirtualBox. When an update is released, system administrators can simply test the update in this sandbox to see how it will affect your systems.
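As an added example (not part of the original article), here is one way the Hyper-V version of that test could be scripted from the host: isolate the replica on a private switch, take a checkpoint, apply the update, reboot, and revert if the VM does not come back healthy. The VM name, switch name, installer path and silent switch are placeholders, and the script assumes the replica is already running a Windows 10 / Server 2016 or later guest.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# All names and paths below are placeholders for this example.
$VMName     = 'Sandbox-Replica01'       # replica VM of a production machine
$SwitchName = 'Sandbox-Isolated'        # private virtual switch
$Installer  = 'C:\Staging\update.exe'   # update package staged on the host
$SilentArgs = '/quiet'                  # use the vendor's documented silent switch
$Cred       = Get-Credential -Message 'Administrator account inside the sandbox VM'

# A Private switch connects VMs only to each other: no host or LAN access.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -SwitchType Private | Out-Null
}
Connect-VMNetworkAdapter -VMName $VMName -SwitchName $SwitchName

# Known-good restore point, taken before the update touches the VM.
$Checkpoint = "pre-update-$(Get-Date -Format 'yyyyMMdd-HHmmss')"
Checkpoint-VM -Name $VMName -SnapshotName $Checkpoint
$Started = Get-Date

# PowerShell Direct (-VMName) uses the VM bus, so the isolated VM needs no network path.
$Session = New-PSSession -VMName $VMName -Credential $Cred
Copy-Item -Path $Installer -Destination 'C:\Windows\Temp\update.exe' -ToSession $Session
$ExitCode = Invoke-Command -Session $Session -ScriptBlock {
    (Start-Process 'C:\Windows\Temp\update.exe' -ArgumentList $using:SilentArgs -Wait -PassThru).ExitCode
}
Remove-PSSession $Session

# Restart the guest: a faulty boot-start driver may only show itself on the next boot.
Stop-VM -Name $VMName -Force
Start-VM -Name $VMName
$Deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 15
    $Healthy = (Get-VM -Name $VMName).Heartbeat -like 'Ok*'
} until ($Healthy -or (Get-Date) -gt $Deadline)

# Events 1001 (BugCheck) and 41 (Kernel-Power) in the System log record a crash or unclean restart.
$Crashes = @()
if ($Healthy) {
    $Crashes = @(Invoke-Command -VMName $VMName -Credential $Cred -ScriptBlock {
        Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 41, 1001; StartTime = $using:Started } -ErrorAction SilentlyContinue
    })
}

# Exit code 3010 means "success, reboot required"; anything else non-zero is a failed install.
if (-not $Healthy -or $ExitCode -notin 0, 3010 -or $Crashes.Count -gt 0) {
    Restore-VMSnapshot -VMName $VMName -Name $Checkpoint -Confirm:$false
    Write-Warning "Update FAILED in sandbox (exit $ExitCode, crash events $($Crashes.Count)); VM reverted. Do not deploy."
} else {
    Write-Output "Update passed the sandbox boot test; checkpoint '$Checkpoint' kept for rollback."
}
```

A VM that never reports a heartbeat within the timeout is treated as a failed update and reverted, which is the boot-loop case the sandbox is there to catch.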
If you require assistance with building a sandbox testing environment for your business, or with restoring systems affected by the faulty CrowdStrike update, give Shanes Computing and Networking a call and Shane will be happy to assist.