CrowdStrike Update Triggers Widespread Windows BSOD Crashes

A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users, leading to widespread reports of Blue Screen of Death (BSOD) errors.

The issue, affecting multiple versions of the company’s sensor software, has prompted urgent investigations and a swift response from CrowdStrike’s engineering team. A report posted on Reddit states that a CrowdStrike update is triggering widespread Windows crashes.

Immediate Impact and User Reports

According to reports, users across various sectors have encountered BSOD errors on their Windows machines, which are attributed to recent updates from CrowdStrike.

The problem seems widespread, affecting machines running different versions of the CrowdStrike sensor software.


“We’re aware of a widespread issue causing BSOD errors on Windows machines across various sensor versions,” a CrowdStrike representative stated in a pinned forum message.

The company has acknowledged the problem and is actively investigating the root cause. The sudden crashes have disrupted business operations and personal computing, with many users expressing frustration over the unexpected downtime.

CrowdStrike’s forums have been inundated with reports and queries from affected users seeking solutions and updates.

Engineering Response and Reversion of Changes

CrowdStrike’s engineering team has been quick to respond to the crisis. According to a pinned thread on the company’s forum, the team has identified a content deployment related to the issue and reverted those changes.

This move is expected to mitigate further occurrences of the BSOD errors while a more permanent fix is developed. In the meantime, CrowdStrike has provided a workaround for users experiencing the crashes.

The recommended steps involve booting the affected Windows machine into Safe Mode or the Windows Recovery Environment, navigating to the C:\Windows\System32\drivers\CrowdStrike directory, locating the file matching “C-00000291*.sys”, and deleting it. Users can then boot their machines normally.

Technical Alert and Ongoing Investigations

CrowdStrike has assured users that a detailed Technical Alert (TA) will be published shortly, providing more information about the issue and potential solutions. The pinned forum thread will remain active to offer users easy access to updates and support.

Some users have praised the company’s swift action and transparent communication, while others remain concerned about the potential for further disruptions.

“It’s reassuring to see CrowdStrike taking immediate steps to address the problem,” said one user. “But we hope for a more permanent solution soon.”

CrowdStrike’s engineering team continues to investigate the underlying cause of the issue, aiming to prevent similar incidents in the future.

The incident has highlighted the challenges of maintaining complex cybersecurity systems and the importance of rapid response mechanisms in mitigating the impact of such disruptions.

While the immediate impact has been significant, the company’s proactive measures and ongoing investigations offer hope for a swift resolution. Users are advised to follow the provided workaround steps and stay tuned for further updates from CrowdStrike.

To check if your CrowdStrike sensor version is affected by the BSOD issue and to possibly fix it, follow these steps:

1. Identify Your Sensor Version

Boot into Safe Mode:

  • Restart your computer.
  • As your computer restarts, press F8 (or Shift + F8) to open the Advanced Boot Options menu.
  • Select Safe Mode and press Enter.

Check the CrowdStrike Falcon Sensor Version:

  • Once in Safe Mode, open the command prompt: press Win + R, type cmd, and press Enter.
  • Navigate to the CrowdStrike directory:
   cd "C:\Program Files\CrowdStrike"
  • Check the sensor version:
   csfalconctl.exe -g --version
  • Note the sensor version displayed. If it’s version 6.58 or similar, it could be affected.

2. Check the Installation Date

Check Installation Date:

  • Open File Explorer and navigate to:
   C:\Program Files\CrowdStrike
  • Right-click on the csfalconctl.exe file and select Properties.
  • Go to the Details tab and look at the Date modified field. If the installation date coincides with the onset of BSOD issues (around July 19, 2024), it’s likely the cause.

3. Look for Specific Error Messages

Identify BSOD Error:

  1. If your system encounters a BSOD, note the error message. The specific error associated with this issue is “DRIVER_OVERRAN_STACK_BUFFER”.

Possible Workarounds

Boot Windows into Safe Mode or Windows Recovery Environment:

  1. Restart your computer.
  2. As your computer restarts, press F8 (or Shift + F8) to open the Advanced Boot Options menu.
  3. Select Safe Mode and press Enter.

Navigate to the CrowdStrike Directory:

  1. Open File Explorer and navigate to:
   C:\Windows\System32\drivers\CrowdStrike
  2. Look for a file matching “C-00000291*.sys”.

Delete the File:

  1. Right-click on the file and select Delete.

Boot Normally:

  1. Restart your computer normally to see if the BSOD issue is resolved.

Additional Notes

  • Backup Important Data: Before making any changes, ensure that you have a backup of your important data.
  • Contact Support: If you are unsure about any steps or if the issue persists, contact CrowdStrike support for assistance.

These steps should help you identify and potentially resolve the BSOD issue related to the CrowdStrike Falcon sensor.
