‍

CrowdStrike's statement: https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/

Interesting that they call it a "defect"...

Affected companies

Global

• Dayforce (source)
• UKG (suspected, partial, source: notice sent out from 3rd-party IT group about "issues")

Canada

• Dulux Paint (source: eyewitness account)
• Porter Airlines (source)
• Canada Border Services Agency (partial, remediated, source)
  • "partial systems outage of its telephone reporting system, primarily used by small aircraft passengers and boaters"
• Dealertrack (suspected, source: notice sent out from 3rd-party IT group about "issues")
• The Canadian Press (remediated, source)
  • affected "wire content and all audio and photo delivery"

British Columbia

• Provincial Health Services Authority (source)
  • affects all provincial health authorities
  • also affects hospitals, doctor's offices, urgent & primary care centres, etc

United States

• Customs and Border Protection (partial, source)
  • Most ports listed on CBP Border Wait Times are listed as "Update Pending"
    
    

Unaffected companies

• TransLink (suspected)
  • No service disruptions or announcements
• Air Canada (source)
• WestJet (source)
• Nav Canada (source)

‍

Notes

Some newly observed domains that are possibly related, and that I will be monitoring:

• bsod1popover.workers[.]dev
• crowdstrikeoopsie[.]com
• crowdstrike[.]fail
• crowdstrikeupdate[.]com
  • and then sinkhole-d845c7b471d9adc14942f95105d5ffcf.crowdstrikeupdate[.]com... which is interesting
• isitcrowdstrike[.]com

‍

Header photo by Chris Ried on Unsplash