Current Fixes for the CrowdStrike Outage May Require Some User Intervention

Businesses globally are grappling with a widespread issue today as their Windows machines encounter the dreaded “blue screen of death” (BSoD). This problem stems not from a cyberattack or failing hardware, but a faulty update issued by cybersecurity firm CrowdStrike. As IT departments scramble to address the situation, users may need to pitch in. Here’s how you can help if your company’s IT team is working on this issue or if you’re experiencing it yourself.

Understanding the CrowdStrike Outage

On July 19, 2024, a defective update to the CrowdStrike Falcon agent led to significant disruptions. The update contained a logic bug that caused connectivity issues and system crashes, resulting in the BSoD on numerous Windows machines. This has affected various sectors, from airlines and banking to media, causing widespread operational challenges.

Immediate Fixes from CrowdStrike

CrowdStrike quickly rolled back the faulty update, but many machines are not receiving the fix due to lockups before the update can be applied. IT departments are resorting to two primary workarounds to resolve the issue:

1. Rebooting: The simplest method involves repeatedly rebooting the affected PCs. This allows the machines to contact CrowdStrike’s servers for the fix before encountering the BSoD. However, due to the high volume of requests, this may require multiple attempts.
2. Manual Deletion in Safe Mode: A more reliable fix requires booting the PC into Safe Mode or the Windows Recovery Environment, navigating to the CrowdStrike directory (usually C:\Windows\System32\drivers\CrowdStrike), and deleting the file named “C-00000291*sys”. This approach requires physical access to the device and administrative rights, which can be challenging, especially with remote work setups and disk encryption.

Steps for Users to Help IT Departments

If you’re experiencing the BSoD and want to assist your IT department, here are some steps you can take:

1. Reboot Your PC: Start by rebooting your PC multiple times to see if it can successfully connect to CrowdStrike’s servers and receive the fix. Be patient, as this process might take several attempts.
2. Access Safe Mode: If rebooting doesn’t work, try booting your PC into Safe Mode. You can do this by restarting your PC and pressing F8 (or Shift + F8) before Windows starts. Select “Safe Mode” from the options.
3. Delete the Faulty File: Once in Safe Mode, navigate to the CrowdStrike directory and delete the file “C-00000291*sys”. You will need administrative rights to perform this action.
4. BitLocker Considerations: If your disk is encrypted with BitLocker, you’ll need your recovery key. This can be obtained from your Microsoft account. Ensure you have access to this key before proceeding with the fix.

Communication with IT

Stay updated with any communications from your IT department. They might provide specific instructions or request your assistance in implementing the fixes. Your proactive approach can help expedite the resolution process, minimizing downtime for your business.

CrowdStrike CEO George Kurtz has addressed the issue publicly, apologizing for the disruption and assuring customers that every effort is being made to fully recover all affected systems. The company is enhancing its updated testing protocols to prevent similar issues in the future. They are also improving communication channels to provide timely updates during incidents, ensuring customers are well-informed.

The CrowdStrike outage underscores the importance of robust testing for software updates and the need for transparent communication during crises. This incident has highlighted the critical role of IT departments and the value of user cooperation in resolving widespread technical issues.

The CrowdStrike outage of July 2024 serves as a reminder of the complexities of cybersecurity and the importance of continuous improvement in update processes. By understanding the issue and taking proactive steps to assist IT departments, businesses can navigate such challenges more effectively. CrowdStrike’s response and future preventive measures aim to enhance the reliability and security of their services, ensuring smoother operations for businesses worldwide.