Suyash Sambhare

Windows CrowdStrike BSOD Workaround

Computer security company CrowdStrike is linked to a major IT outage affecting banks, airports, supermarkets and businesses across the world. Thousands of Windows machines are experiencing a Blue Screen of Death (BSOD) issue at boot today, impacting banks, airlines, TV broadcasters, supermarkets, and many more businesses worldwide. A faulty update from cybersecurity provider CrowdStrike is knocking affected PCs and servers offline, forcing them into a recovery boot loop so machines can’t start properly. CrowdStrike is widely used by many businesses worldwide for managing the security of Windows PCs and servers.

Airport check-in systems across the globe have been disrupted and businesses have reported the "blue screen of death" and IT outages.

A technical issue, reportedly related to a US-based cybersecurity firm named CrowdStrike, caused computers running Microsoft software across the globe to glitch on Friday.

The global outage impacted a raft of companies and government agencies, causing many computers to attempt to restart and display a blue-screen error message (BSOD).

CrowdStrike

CrowdStrike is a US-based cybersecurity firm that helps companies manage their security in "IT environments", that is, everything they use an internet connection to access.

Its primary function is to protect companies and stop data breaches, ransomware and cyber-attacks.

It includes among its main customers global investment banks, universities and other organizations.

The cybersecurity environment has changed rapidly in recent years due to the increased presence of threat actors targeting big business, including Ticketmaster, Medibank and Optus.

As a result, more and more companies are turning towards firms like CrowdStrike to protect their customers' information.

CrowdStrike Falcon

One of the company's main products is CrowdStrike Falcon, which is described on its website as "providing real-time indicators of attack, hyper-accurate detection and automated protection" from possible cyber security threats.

CrowdStrike Falcon is used by thousands of companies across the world to protect data, and a crash of their server on Friday is believed to be the cause of a global outage of Microsoft products.

Earlier this week, CrowdStrike announced an update of its Falcon product, saying it would provide "unprecedented speed and precision" to detect security breaches.

In a statement posted to its website following the outage, a CrowdStrike spokesperson said it was likely an issue with the Falcon product that caused the incident.

Workarounds

Developer websites have already begun posting workarounds for the issue, and CrowdStrike has offered a solution on its members-only platform until the incident resolves.

CrowdStrike is yet to issue a formal statement about the fall-out from the outage.

However, some workarounds include the following:

  • Boot Windows into Safe Mode or the Windows Recovery Environment
  • Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  • Locate the file matching C-00000291*.sys, and delete it.
  • Boot the host normally.
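
The steps above, scripted for an elevated PowerShell session in Safe Mode, as an added example (not CrowdStrike's or the author's script). It records each matching file's size, timestamp and SHA-256 before deleting it, so there is a record of what was removed; the parameter names and the log path are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: removes the files named in the workaround and logs what was removed.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Directory from the workaround, built from SystemRoot in case Windows is not on C:
    [string]$DriverDir = (Join-Path $env:SystemRoot 'System32\drivers\CrowdStrike'),
    # File pattern from the workaround
    [string]$Pattern = 'C-00000291*.sys',
    # Assumed location for the removal record
    [string]$LogPath = (Join-Path $env:SystemRoot 'Temp\cs-291-removal.csv')
)

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Error "Directory not found: $DriverDir"
    exit 2
}

# Non-recursive: only files directly inside the CrowdStrike driver directory
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No files matching $Pattern in $DriverDir; nothing to do."
    exit 0
}

# Inventory first, so the record exists even if a deletion fails or is declined
$targets | ForEach-Object {
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        Path         = $_.FullName
        Length       = $_.Length
        LastWriteUtc = $_.LastWriteTimeUtc.ToString('o')
        SHA256       = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
} | Export-Csv -LiteralPath $LogPath -NoTypeInformation -Append -WhatIf:$false -Confirm:$false

foreach ($f in $targets) {
    # Prompts per file by default; pass -Confirm:$false for unattended use
    if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete')) {
        Remove-Item -LiteralPath $f.FullName -Force -Confirm:$false
    }
}

# Verify before rebooting: any file still matching means the host may crash again
$left = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
if ($left.Count -gt 0 -and -not $WhatIfPreference) {
    Write-Error "$($left.Count) matching file(s) still present in $DriverDir"
    exit 1
}
Write-Output "Processed $($targets.Count) file(s); record written to $LogPath. Boot the host normally."
```

Run it with `-WhatIf` first to write the inventory and list what would be deleted without removing anything.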

Boot in Safe Mode

Here are the steps to boot into safe mode. These steps are the same for Windows 10 & Windows 11.

Before you enter safe mode, you need to enter the Windows Recovery Environment (winRE). To do this, you will repeatedly turn your device off, then on.

  1. Hold down the power button for 10 seconds to turn off your device.
  2. Press the power button again to turn on your device.
  3. On the first sign that Windows has started (for example, some devices show the manufacturer’s logo when restarting) hold down the power button for 10 seconds to turn off your device.
  4. Press the power button again to turn on your device.
  5. When Windows restarts, hold down the power button for 10 seconds to turn off your device.
  6. Press the power button again to turn on your device.
  7. Allow your device to fully restart. You will enter winRE.
  8. Once you are in winRE, on the Choose an option screen, select Troubleshoot > Advanced options > Startup Settings > Restart.
  9. After your device restarts, you'll see a list of options. Select option 5 from the list or press F5 for Safe Mode with Networking.

Ref: https://www.reddit.com/r/crowdstrike/comments/1e6vmkf/bsod_error_in_latest_crowdstrike_update/
