Impact of the CrowdStrike Windows 10 BSOD

2024-07-19 | Martina Grom

As reported in most media, we would like to inform you about a global outage caused by a erroneous software update from cybersecurity company CrowdStrike today, on July 19th. This Endpoint security solution is used in many organizations, from hospitals to tech companies, education, airports and many other industries. Crowdstrike rolled out an update to its customers that caused Windows 10 computers to crash, see the CrowdStrike Statement on Falcon Content Update for Windows Hosts. The affected computers no longer start correctly, but instead produce a Windows BSOD (Blue Screen Of Death). Such computers are getting stuck at the “Recovery” screen. See how to resolve this if your Windows computer is affected by the CrowdStrike update.

The CrowdStrike update has caused many companies and organizations to experience major inconveniences when using Windows. The consequences of this are enormous, and affect major services like banks, media, Airlines, Microsoft services and stock exchanges world wide. The web and Social Media is full of such articles and posts. See among others BSOD error in latest crowdstrike update and many more. Also Microsoft is actively providing support to assist customers in their recovery, offering additional guidance and technical assistance, see also Satya´s tweet here.

a desparate man in front of a windows 10 computer with a blue screen showing an error to restart the pc in pixar style with white background

The impact for our customers ranges from none to strong impact. For impacted customers CrowdStrike, please read the article Windows 10 BSOD, stuck at recovery due to CrowdStrike, but there’s a fix or follow these steps:

  1. Restart your computer and boot Windows in Safe Mode to enter the Windows Recovery Environment (winRE). When the Advanced Boot Options menu appears select Safe Mode from the list.
  2. In Safe Mode, open the Command Prompt (Admin) or Windows PowerShell (Admin). In the prompt, enter: cd C:\Windows\System32\drivers\CrowdStrike
  3. Locate and delete the file matching "C-00000291*.sys": del C-00000291*.sys
  4. Restart your computer. Your computer should start normally.

Microsoft also launched a USB tool to help IT Admins expedite the repair process

For Windows Virtual Machines running on Azure follow the mitigation steps in Azure status.

We hope this information helps users affected by the CrowdStrike Windows 10 BSOD.

Categories: atwork, English, Microsoft, Security, Windows

Source: https://blog.atwork.at/post/CrowdStrike-Windows-10-BSOD