Reports are currently rolling in from all over the world that Windows machines running CrowdStrike run into the "Blue Screen of Death" after a CrowdStrike update on July 19. Current information shows that only machines running Microsoft Windows are affected.
CrowdStrike is a popular endpoint (workstation) protection product that has gained popularity over the last couple of years.
The bad update seems to be causing outages all over the world. As soon as the update is installed, the Windows operating system fails and enters a Blue Screen.
Most organizations have CrowdStrike set to update automatically. If it's not too late already, disable automatic updates in the Admin Portal until CrowdStrike releases a fix.
Is CrowdStrike aware of this?
According to the (non-public) support portal, CrowdStrike is aware of the issue and is working on a fix.
CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor.
Symptoms include hosts experiencing a bugcheck/blue screen error related to the Falcon Sensor.
Our Engineering teams are actively working to resolve this issue and there is no need to open a support ticket.
What if a machine is already affected?
If the CrowdStrike update was already applied and crashed a Windows machine, there is a workaround.
- Boot Windows into Safe Mode or start a Recovery Environment
- Navigate to the following directory: C:\Windows\System32\drivers\CrowdStrike
- Find the file named "C-00000291*.sys" and delete it (or rename to be safe)
- Windows should now boot correctly again
This workaround has not been officially released by CrowdStrike and has not been confirmed. Do this at your own risk.
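The steps above as a script, for an elevated PowerShell prompt in Safe Mode. This is an added example, not code from CrowdStrike or from the original post. The `-SystemDrive` and `-Apply` parameters and the `.disabled` suffix are choices made for this example; it renames rather than deletes, and without `-Apply` it only reports what it would rename.

```powershell
# Added example: rename (not delete) the file named in the workaround steps.
param(
    # Assumption: drive letter of the Windows volume. When the disk is mounted
    # from another environment, the volume may not be C:.
    [string]$SystemDrive = $env:SystemDrive,
    # Example-only switch: nothing is changed unless -Apply is given.
    [switch]$Apply
)

# Directory from the workaround steps.
$dir = Join-Path "$SystemDrive\" 'Windows\System32\drivers\CrowdStrike'

if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
    Write-Error "Directory not found: $dir (check the drive letter)"
    exit 1
}

# File pattern from the workaround steps.
$files = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File)

if ($files.Count -eq 0) {
    Write-Output "No file matching C-00000291*.sys in $dir; nothing to do."
    exit 0
}

foreach ($f in $files) {
    # Keep the original name and append a suffix so the change is reversible.
    $newName = "$($f.Name).disabled"
    if ($Apply) {
        Rename-Item -LiteralPath $f.FullName -NewName $newName -ErrorAction Stop
        Write-Output "Renamed $($f.FullName) -> $newName"
    }
    else {
        Write-Output "Would rename $($f.FullName) -> $newName (re-run with -Apply)"
    }
}
```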