Planes grounded as mass worldwide IT outage hits airlines, media and banks

  • According to the BBC it's a cybersecurity company that's the origin of the issues. They've released an update to their software that seems to have gone wrong.

  • Yes, it's being reported on the IT technical websites. Unfortunately it's an issue that results in the PC being stuck in a continual boot loop. It can be resolved, but it needs physical access to the device. Unfortunately where a device is in a remote location, it will take time to get a trained person to rectify the issue.

    This isn't the first time Microsoft or one of their suppliers has pushed an update that breaks things...

  • Both of my brothers work in the IT industry. One for a London based insurance company and one is an IT Project Manager working for a well known restaurant chain. I'm guessing they're both a little bit busy today...

  • Apparently an anti-malware package from "Crowdstrike" - I can't say I've heard of them before. Seemingly it only affected the Windows version of their product - Linux and Apple versions were OK.

       - Andy.

  • Linux and Apple versions were OK.

    If I was being slightly facetious, I would question whether they have any Linux or Apple OS customers... If I was more so, I wonder how many customers they will have in the future.

    It's commercial endpoint security, so most non-corporate users are unlikely to be running it. It looks like it has been extensively used for embedded endpoints, such as Point of Sale machines and similar. But from some of the comments on "El Reg", it looks like it has been deployed in large organisations with lots of remote employees.

  • It does rather highlight the problem of mono-culture - much as the potato blight caused famines for folk who could grow little else, it seems we are building a very brittle IT-dependent world where most things run on Windows, and only a very small fraction of the folk who depend on it also understand how it works underneath the point-and-click level well enough to fix it. And the doubtful wisdom of all the updates being installed remotely as soon as they become available, rather than only on some machines, then waiting a day to make sure it works, to do the rest.

    The good news is it was only a mistake, albeit quite an expensive one.

    If it serves to make folk realise how much worse it would have been if it had been a spoof update that loaded normally, and then wiped the disks, which is the sort of thing a truly bad actor would do, then maybe it is a bit of a 'wake up' call.

    It did have the rather refreshing effect for me of being able to order and pay for a pub lunch by standing at the bar holding cash, while others about me were waiting, looking at their respective fondle slabs and looking puzzled and disappointed (I'm of a generation that is no more likely to leave the house without money than I am to leave without underwear, as it just feels odd.)

    Mike

  • If I was being slightly facetious, I would question whether they have any Linux or Apple OS customers...

    On the presumption that almost everything runs Windows (which wouldn't be entirely accurate - the vast majority of serious back-end stuff uses anything but windoze - usually some Unix derivative) ... or because other OSs don't seem to attract quite as much attention from the black hats?

    And the doubtful wisdom of all the updates being installed remotely as soon as they become available, rather than only on some machines, then waiting a day to make sure it works, to do the rest.

    Absolutely - a few years ago when one of my responsibilities was to apply updates to a number of servers, we'd do all the internal/testing ones first, then wait a day or two before applying the same to production servers (and of course things could be speeded up if there was a particularly nasty vulnerability). Seemed like an obvious precaution at the time, but an option that seems to have got lost in the current world of fully automatic updates. A simple configuration to delay applying updates for so many hours (set longer on more critical boxes) might be a useful option.

      - Andy.
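The staged rollout Mike and Andy describe above (test boxes first, a soak period before production, longer holds on critical machines, a bypass for urgent vulnerabilities, and a halt if the early ring breaks) as an added example; this is not code from the original thread, and the ring names, delay values and host inventory are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumed deployment rings, in rollout order, with soak delay in hours
# after the vendor releases an update (constructed values).
RING_DELAY_HOURS = {
    "test": 0,         # internal/test boxes take it immediately
    "internal": 24,    # wait a day for the test ring to prove it boots
    "production": 48,
    "critical": 72,    # longest hold on the boxes that matter most
}
RING_ORDER = list(RING_DELAY_HOURS)


@dataclass
class Rollout:
    release_time: datetime
    emergency: bool = False                 # nasty-vuln override: skip soak delays
    failed_rings: set = field(default_factory=set)

    def report_failure(self, ring: str) -> None:
        """Record that hosts in `ring` broke (e.g. boot loop) after the update."""
        self.failed_rings.add(ring)

    def eligible(self, ring: str, now: datetime) -> bool:
        """True if hosts in `ring` may apply the update at time `now`."""
        if ring not in RING_DELAY_HOURS:
            raise ValueError(f"unknown ring {ring!r}")
        # A failure in this ring or any earlier ring halts the rollout here,
        # even for emergency updates: a broken canary is the whole point.
        upstream = RING_ORDER[: RING_ORDER.index(ring) + 1]
        if any(r in self.failed_rings for r in upstream):
            return False
        if self.emergency:
            return True
        hold = timedelta(hours=RING_DELAY_HOURS[ring])
        return now >= self.release_time + hold

    def due_hosts(self, inventory: dict, now: datetime) -> list:
        """Hosts (name -> ring) whose ring is eligible right now, sorted."""
        return sorted(h for h, ring in inventory.items() if self.eligible(ring, now))


# Constructed sample inventory and release time for a stand-alone run.
HOSTS = {"lab01": "test", "hr-pc7": "internal", "pos-12": "production", "dc01": "critical"}
RELEASE = datetime(2024, 7, 19, 4, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    r = Rollout(RELEASE)
    print(r.due_hosts(HOSTS, RELEASE + timedelta(hours=25)))   # ['hr-pc7', 'lab01']
    r.report_failure("test")
    print(r.due_hosts(HOSTS, RELEASE + timedelta(hours=80)))   # []
```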

  • Much of the chat in the other forums I read is that Linux doesn't need to have such software, because it's secure by design. This, of course, isn't true; Linux can equally be compromised in similar ways. But the fractured nature of Linux means that it's probably a more complex target for hackers, and the fact that it's less common with end users (who are an organisation's greatest vulnerability) means there is less value in attacking it.

    However, last time I checked, approximately half of the world's web servers run on a form of Linux or similar. A lot of the routers offered by ISPs run on something based around the Linux kernel as well. So in terms of damaging infrastructure, Linux is absolutely a target.

    The information I'm now seeing is that it was a null pointer dereference, and the discussions seem to have moved on to whether it would have been avoided if they had been using Rust (or another language with inherent safety) instead of C/C++.

  • I understand that the problem with resolving this is that each physical machine has to be started in safe mode (do 3 "hard stops" by pressing the power button for 10 sec and restarting 3 successive times, then boot normally to get into WinRE, then navigate to safe mode), then locate the faulty file and delete it. It will need someone that knows what they are doing.

    David

  • It's a little more challenging if the machine has an encrypted disk, which most corporate machines do these days. The security key needs to be known - which regular users will not have access to. You can't boot into safe mode without the key. Otherwise you would be able to bypass the encryption.

    I understand if the machine impacted is an Azure instance (i.e., a VM) it simply needs to be rebooted about 10-16 times and eventually it fixes itself.

    One news report said that just short of 9 million Windows machines were impacted. Which is actually a small proportion of the total, but it seems that those machines were located in some key areas.