On the evening of July 18, CrowdStrike pushed an update that eventually resulted in mass Blue Screen of Death (BSoD) crashes on Windows machines around the world. The problem was first believed to be a Microsoft issue that only impacted Azure and Office365, but CrowdStrike later confirmed that the cause was a recent update to its Falcon Sensor, which is designed for detecting and responding to threats across endpoints.
CrowdStrike has acknowledged its part in this and has released a workaround for the issue. Meanwhile, more complaints are arriving as new time zones light up.
More About CrowdStrike Update and BSoD Outage
Update 05:49 PDT
According to Microsoft’s suggested fix, up to 15 restarts are required for a Windows Client or Server VM running on its Azure platform. The faulty update caused a BSoD that could put a VM into a reboot loop if it had the CrowdStrike Falcon agent installed.
Update 04:58 PDT
In an apology aired on NBC News, CrowdStrike President and CEO George Kurtz addressed the international incident following the Falcon Sunburst release. He apologized to customers and industries that had been hit by the blackout.
Update 04:11 PDT
Brody Nisbet, director of threat hunting at CrowdStrike, offered a workaround for those who want to act fast:
- Boot Windows into Safe Mode or Windows Recovery Environment (WRE).
- Navigate to C:\Windows\System32\drivers\CrowdStrike.
- Delete the file named “C-00000291*.sys”.
- Boot Windows normally.
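The steps above as a script, added here as an example and not CrowdStrike's or Microsoft's own tooling. It assumes an elevated PowerShell session in Safe Mode; the function name `Remove-FaultyFalconFile` and its parameters are hypothetical.

```powershell
# Added example: hypothetical helper, not vendor tooling.
function Remove-FaultyFalconFile {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Windows directory of the affected installation. Override it if the
        # OS volume is mounted under a different drive letter (assumption).
        [string]$WindowsRoot = 'C:\Windows',
        # File pattern taken from the workaround steps.
        [string]$Pattern = 'C-00000291*.sys'
    )

    $dir = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Directory not found: $dir (sensor not installed, or wrong volume?)"
        return
    }

    # Collect every file matching the pattern; -Force includes hidden files.
    $targets = @(Get-ChildItem -LiteralPath $dir -Filter $Pattern -File -Force)
    if ($targets.Count -eq 0) {
        Write-Warning "No file matching $Pattern in $dir; nothing to delete."
        return
    }

    foreach ($file in $targets) {
        $removed = $false
        # ShouldProcess honours -WhatIf and -Confirm, so a dry run deletes nothing.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
            Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
            $removed = $true
        }
        # One record per matching file, for the remediation log.
        [pscustomobject]@{
            Path         = $file.FullName
            LastWriteUtc = $file.LastWriteTimeUtc
            Length       = $file.Length
            Removed      = $removed
        }
    }
}

# Dry run first: lists what would be deleted without touching anything.
Remove-FaultyFalconFile -WhatIf
# Then delete for real, without the confirmation prompt:
# Remove-FaultyFalconFile -Confirm:$false
```

After the real run reports `Removed = True` for each listed file, boot Windows normally as in the last step.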
Microsoft announced the resolution of its app issue but also said some users could still experience side effects in the next few hours.
Update 02:51 PDT
In a statement on X (formerly Twitter), George Kurtz clarified that the issue stemmed from a defect in a content update for Windows hosts, affecting only Windows devices. He emphasized that there were no security breaches or cyberattacks involved, and advised customers to use official support channels.
Financially, CrowdStrike’s shares fell sharply, and Microsoft also saw a decline. Reports indicate that CrowdStrike has lost about 21% of its market value, though this is yet to be officially confirmed.
Update 02:01 PDT
Microsoft has now confirmed this issue is caused by a third-party update and is currently a background process to CrowdStrike services. Microsoft said it expects the issue to be resolved shortly.
The widespread outage has hit multiple sectors, such as airports, stock exchanges, and medical services. No one is suggesting a cyberattack; the issue seems to be down to a faulty update. The disruption appears to revolve around the Falcon Sensor by CrowdStrike, an agent that is used for the detection of malicious activity.
The fix Brody Nisbet has discovered is to delete a certain file manually to stop the BSoD from occurring, but this workaround has to be applied to devices one at a time.
FAQs
What caused the BSoD issue?
The BSoD issue was caused by a recent update to CrowdStrike’s Falcon Sensor.
How can I fix the problem?
Boot into Safe Mode, delete the file “C-00000291*.sys” from C:\Windows\System32\drivers\CrowdStrike, and restart your computer.