Office under Windows 11 24H2 with installed Crowdstrike paralyzed
If you use Crowdstrike security software and have updated to Windows 11 24H2, you may have had to deal with non-functioning apps.
Word can drive people to despair.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Microsoft has reported problems with malfunctioning Office apps that can occur after upgrading to Windows 11 24H2. On affetced systems a feature of the security software from Crowdstrike was activated.
The announcement from Microsoft, which has received little attention to date, dates back to mid-October. "Office apps may be affected. The issue occurs when anti-malware security solutions enable certain features," Microsoft's developers summarize the problem.
Several apps may stop working after update
"After installing Windows 11 24H2, Microsoft and third-party apps may stop responding when anti-malware security solutions enable certain features. Office applications such as Word and Excel may be affected," the authors write. On affected devices, Crowdstrike's Falcon sensor runs with the "Enhanced Exploitation Visibility" policy enabled in the prevention policy for the host.
Videos by heise
According to Microsoft, most affected organizations reported seeing this behavior after in-place upgrades and new installations of Windows 11 24H2. Microsoft is investigating whether the problem could occur with previous versions of Windows and other third-party security software. Only organizations and IT environments that are managed are affected. Users of Home or Pro versions of Windows that are not managed by an IT department would probably not observe the behavior.
The previous solution comes from Crowdstrike itself. The company has temporarily disabled the "Enhanced Exploitation Visibility" policy on hosts running Windows 11 24H2. However, Microsoft and Crowdstrike are working together on a better solution.
In July, Crowdstrike paralyzed millions of Windows computers with a faulty update. One week after the incident, 97 percent of the affected machines were said to be up and running again, but this corresponded to around 250,000 computers that were not yet operational again. At the end of October , the affected Delta Airlines filed a lawsuit against Crowdstrike due to the massive IT incident.
(dmk)
