On July 19, 2024, the dismaying “Blue Screen of Death” (BSOD) occurred on all Windows devices. Users all over the world struggled as their devices failed to boot properly.
Microsoft stated that the international disruption was due to an issue with CrowdStrike’s EDR Falcon Sensor software, which caused widespread crashes of Microsoft Windows systems.
Endpoint Detection and Response (EDR) is cybersecurity software that companies use to protect clients’ computers from attacks. It runs in the background, watching for signs of threats within their networks.
The problem started after a recent update to CrowdStrike’s Falcon Sensor, which caused Windows PCs to crash with a BSOD. This screen indicates a serious error that forces the computer to restart, which can lead to data loss.
This disruption affected various industries across the globe, including airlines, banks, and supermarkets. Major US airlines couldn’t operate flights due to communication issues. Businesses in other countries also reported being unable to access their computers or workstations.
The Cybercrime Investigation and Coordinating Center (CICC) shared in its Public Advisory some recommendations on how to fix the issue.
For affected users:
- Boot Windows into Safe Mode or the Windows Recovery Environment
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
- Locate the file matching “C-00000291*.sys”, and delete it.
- Boot the host normally.
For those using virtual servers:
- Detach the operating system disk volume from the impacted virtual server
- Create a snapshot or backup of the disk volume before proceeding further as a precaution against unintended changes
- Attach/mount the volume to a new virtual server
- Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory
- Locate the file matching “C-00000291*.sys”, and delete it.
- Detach the volume from the new virtual server
- Reattach the fixed volume to the impacted virtual server
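The file-removal step shared by both procedures above can be scripted so that it touches only the named pattern and keeps a record of what was deleted. This is an added example, not code from CICC, CrowdStrike or Microsoft; the function name, its parameters, the log location and the `E:\Windows` mount path are assumptions, and it expects a PowerShell session running as administrator (in Safe Mode, or on the new virtual server with the volume attached).

```powershell
# Added example, not vendor or CICC code. Function name and parameters are hypothetical.
function Remove-CrowdStrikeFile291 {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        # Windows directory of the installation to repair. For a volume mounted
        # on a helper server, pass its path, e.g. 'E:\Windows' (assumed letter).
        [string]$WindowsRoot = $env:WINDIR,
        # Where to write a record of what was deleted (assumed location).
        [string]$LogPath = (Join-Path $env:TEMP 'crowdstrike-291-removal.csv')
    )

    $dir = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Directory not found: $dir (sensor not installed, or wrong volume?)"
        return
    }

    # Match only the pattern named in the advisory; leave every other file alone.
    $files = @(Get-ChildItem -LiteralPath $dir -Filter 'C-00000291*.sys' -File -Force)
    if ($files.Count -eq 0) {
        Write-Output "No file matching C-00000291*.sys in $dir; nothing to do."
        return
    }

    foreach ($f in $files) {
        # Capture the file's identity before it is removed.
        $record = [pscustomobject]@{
            Path         = $f.FullName
            Length       = $f.Length
            LastWriteUtc = $f.LastWriteTimeUtc.ToString('o')
            SHA256       = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
            RemovedUtc   = (Get-Date).ToUniversalTime().ToString('o')
        }
        if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete file named in advisory')) {
            Remove-Item -LiteralPath $f.FullName -Force -ErrorAction Stop
            $record | Export-Csv -LiteralPath $LogPath -Append -NoTypeInformation
            Write-Output "Deleted $($f.FullName)"
        }
    }
}

# Preview first, then run for real:
# Remove-CrowdStrikeFile291 -WhatIf
# Remove-CrowdStrikeFile291 -WindowsRoot 'E:\Windows' -Confirm:$false
```

Running with `-WhatIf` first lists the files that would be deleted without changing anything, which is a useful check that the correct volume is mounted before the real run.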
To prevent more problems, it’s important to quickly disconnect affected devices from the main network. Additionally, users should avoid shutting down, hibernating, or restarting their laptops, as this could cause permanent data loss.
CrowdStrike assured users that unaffected Windows hosts don’t need any action, as the problematic file has been reverted.
Fortunately, CrowdStrike has released a new update that fixes the earlier issues. Devices may need to reboot after receiving this update to resolve the blue screen problems.