A recent update from cybersecurity firm CrowdStrike has caused significant disruptions for Windows users, leading to widespread reports of Blue Screen of Death (BSOD) errors.
The issue, affecting multiple versions of the company’s sensor software, has prompted urgent investigations and a swift response from CrowdStrike’s engineering team. A report on Reddit states that a CrowdStrike update is triggering widespread Windows crashes.
According to reports, users across various sectors have encountered BSOD errors on their Windows machines, attributed to recent updates from CrowdStrike.
The problem seems widespread, affecting machines running different versions of the CrowdStrike sensor software.
“We’re aware of a widespread issue causing BSOD errors on Windows machines across various sensor versions,” a CrowdStrike representative stated in a pinned forum message.
The company has acknowledged the problem and is actively investigating the root cause. The sudden crashes have disrupted business operations and personal computing, with many users expressing frustration over the unexpected downtime.
CrowdStrike’s forums have been inundated with reports and queries from affected users seeking solutions and updates.
CrowdStrike’s engineering team has been quick to respond to the crisis. According to a pinned thread on the company’s forum, the team has identified a content deployment related to the issue and reverted those changes.
This move is expected to mitigate further occurrences of the BSOD errors while a more permanent fix is developed. In the meantime, CrowdStrike has provided a workaround for users experiencing the crashes.
The recommended steps involve booting the affected Windows machine into Safe Mode or the Windows Recovery Environment, navigating to the C:\Windows\System32\drivers\CrowdStrike directory, locating the file matching “C-00000291*.sys”, and deleting it. Users can then boot their machines normally.
CrowdStrike has assured users that a detailed Technical Alert (TA) will be published shortly, providing more information about the issue and potential solutions. The pinned forum thread will remain active to offer users easy access to updates and support.
Some users have praised the company’s swift action and transparent communication, while others remain concerned about the potential for further disruptions.
“It’s reassuring to see CrowdStrike taking immediate steps to address the problem,” said one user. “But we hope for a more permanent solution soon.”
CrowdStrike’s engineering team continues to investigate the underlying cause of the issue, aiming to prevent similar incidents in the future.
The incident has highlighted the challenges of maintaining complex cybersecurity systems and the importance of rapid response mechanisms in mitigating the impact of such disruptions.
While the immediate impact has been significant, the company’s proactive measures and ongoing investigations offer hope for a swift resolution. Users are advised to follow the provided workaround steps and stay tuned for further updates from CrowdStrike.
To check if your CrowdStrike sensor version is affected by the BSOD issue and to possibly fix it, follow these steps:
Boot into Safe Mode:
Press F8 (or Shift + F8) to open the Advanced Boot Options menu.
Select Safe Mode and press Enter.
Check the CrowdStrike Falcon Sensor Version:
Press Win + R, type cmd, and press Enter.
Run the following commands:
cd "C:\Program Files\CrowdStrike"
csfalconctl.exe -g --version
Check Installation Date:
Open C:\Program Files\CrowdStrike.
Right-click the csfalconctl.exe file and select Properties.
Open the Details tab and look at the Date modified field. If the installation date coincides with the onset of BSOD issues (around July 19, 2024), it’s likely the cause.
Identify BSOD Error:
Boot Windows into Safe Mode or Windows Recovery Environment:
Press F8 (or Shift + F8) to open the Advanced Boot Options menu.
Select Safe Mode and press Enter.
Navigate to the CrowdStrike Directory:
Open C:\Windows\System32\drivers\CrowdStrike.
Delete the File:
Locate the file matching “C-00000291*.sys” and select Delete.
Boot Normally:
These steps should help you identify and potentially resolve the BSOD issue related to the CrowdStrike Falcon sensor.