
The Great CrowdStrike Crash and How to Fix It
Jul 22, 2024
2 min read
A recent faulty update from the cybersecurity company CrowdStrike resulted in widespread Windows system crashes, impacting businesses globally. The issue caused Blue Screens of Death (BSOD) and disrupted Windows workstations and servers alike, leaving many of them stuck in a boot loop and unable to start normally. Only Windows hosts running CrowdStrike's Falcon sensor (its EDR agent) were affected: the defect was in a content update delivered to the sensor, not in Windows itself, and the affected machines did not need to be patched so much as have the bad content removed.
Early estimates suggest this could be the single largest IT failure in history. CrowdStrike CEO George Kurtz released the following official statement on X (formerly Twitter):
CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified, isolated and a fix has been deployed. We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.
Source: X.Com
The steps to fix the issue on an affected system are simple enough, but they are hard to carry out at scale for larger organisations: each machine has to be touched by hand (or through the console of each VM), because a host that cannot boot cannot receive a remote fix. Devices protected by BitLocker add a further hurdle, since Safe Mode and the recovery environment will ask for the BitLocker recovery key before the disk can be accessed, so those keys must be retrievable from wherever they are escrowed. It is estimated that it will take many weeks for the problem to be resolved globally, as organisations scramble their IT teams to recover.
Remediation Steps For Physical Systems (e.g. Desktops/Laptops):
1. Boot into Safe Mode or the Windows Recovery Environment (supply the BitLocker recovery key if prompted).
2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
3. Find the file matching "C-00000291*.sys" and delete it.
4. Restart the device normally.
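The four steps above can be scripted so that a technician only has to open a PowerShell prompt in Safe Mode or the recovery environment and run one file. The script below is an added example written for this page; it is not CrowdStrike's tooling or the article author's. It assumes the vendor's published facts about the bad build: the faulty channel file matches C-00000291*.sys and was written at 04:09 UTC on 19 July 2024, while copies written at 05:27 UTC or later are the reverted, good version. By default it deletes only files older than that cut-off and keeps any already-corrected copy; the -IgnoreTimestamp switch reproduces the article's step exactly and removes every match, which is also safe because the sensor fetches current content once the host is back online. The -SystemDrive parameter is there because under the recovery environment, or when the broken OS disk is attached to a rescue machine, the Windows volume is often not C:.

```powershell
<#
  Added example, not CrowdStrike's or the article author's code.
  Run from Safe Mode, or from the Windows Recovery Environment / a rescue
  machine with the affected OS disk attached, against the drive holding the
  broken Windows installation. Supports -WhatIf for a dry run.

  Assumption (from CrowdStrike's published remediation guidance): the faulty
  channel file is C-00000291*.sys written 2024-07-19 04:09 UTC; copies
  written 2024-07-19 05:27 UTC or later are the reverted, good version.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Drive letter of the affected Windows installation. Under WinRE or on a
    # rescue machine this is frequently D:, E:, etc. rather than C:.
    [string]$SystemDrive = 'C:',

    # Files written before this moment (UTC) are treated as the bad build.
    [datetime]$GoodFrom = [datetime]::SpecifyKind([datetime]'2024-07-19 05:27', 'Utc'),

    # Delete every matching file regardless of timestamp (the article's literal step).
    [switch]$IgnoreTimestamp
)

$driverDir = Join-Path $SystemDrive 'Windows\System32\drivers\CrowdStrike'
if (-not (Test-Path -LiteralPath $driverDir)) {
    Write-Error "No CrowdStrike driver directory at $driverDir. Wrong drive letter, or the Falcon sensor is not installed on this volume."
    exit 1
}

# The vendor's pattern: only channel file 291 was involved; other C-*.sys files stay.
$channelFiles = Get-ChildItem -LiteralPath $driverDir -Filter 'C-00000291*.sys' -File
if (-not $channelFiles) {
    Write-Host "No C-00000291*.sys file found under $driverDir; nothing to remove."
    exit 0
}

$deleted = 0
foreach ($f in $channelFiles) {
    $written = $f.LastWriteTimeUtc
    if (-not $IgnoreTimestamp -and $written -ge $GoodFrom) {
        Write-Host ("Keeping {0} (written {1:u}, at or after the fixed build)" -f $f.Name, $written)
        continue
    }
    if ($PSCmdlet.ShouldProcess($f.FullName, ("Delete channel file written {0:u}" -f $written))) {
        # -Force clears read-only/hidden attributes that may be set on the file.
        Remove-Item -LiteralPath $f.FullName -Force
        Write-Host "Deleted $($f.FullName)"
        $deleted++
    }
}

Write-Host "Removed $deleted file(s). Reboot normally; once online, the sensor downloads the current channel file itself."
```

Run it first with -WhatIf to see which files would be removed, then without. If the file timestamps on a particular machine look untrustworthy (for example after a disk image was restored with altered times), fall back to -IgnoreTimestamp, which matches the vendor's own "delete the matching file" instruction.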
For more information on this issue and how to resolve it for Azure and AWS VMs, please see the Qualys Security Blog:
Global Outage Alert: Windows BSOD Crisis Following CrowdStrike Update – Recovery Steps & Qualys Assurance [qualys.com]
