Resolving the Major Windows Blue Screen of Death (BSOD) Issue with CrowdStrike

This primarily impacted software products used by government and private organizations to protect their computers from cyber attacks and malware. Regular Windows users were not significantly affected.

The Incident

A faulty update to CrowdStrike's Falcon Sensor caused widespread system instability- Users experienced frequent crashes, boot loops, and BSODsThe issue required manual intervention, complicating the fix

The Impact

Exposed a critical single point of failure in essential services- Affected numerous sectors, including aviation and banking- Highlighted the vulnerability of Windows-dependent systems

To fix the CrowdStrike/BSOD issue that has been affecting many Windows users, follow these detailed steps,

Boot into Safe Mode or Windows Recovery Environment,

• Restart your Windows machine.
• Press and hold the F8 key (or Shift + F8) during boot to enter the Advanced Boot Options menu.
• Select "Safe Mode" or "Repair your computer" to access the Windows Recovery Environment.

Access the CrowdStrike Directory

• Once in Safe Mode or the Windows Recovery Environment, open File Explorer.
• Navigate to the following directory: C:\Windows\System32\drivers\CrowdStrike.

Identify and Delete the Problematic File:

Method 1

• In the CrowdStrike directory, look for a file that matches the pattern "C-00000291*.sys". This file is known to cause the BSOD issue.
• Delete this file. You might need administrative privileges to perform this action.

Method 2

Go to the following directory: C:\Windows\System32\drivers.

In the driver's directory, locate the CrowdStrike file causing the issue.

Rename this file by adding "_old" to its name (e.g., CrowdStrike to CrowdStrike_old.).

Restart the Computer

• After deleting the problematic file, restart your computer normally.
• The BSOD issue should be resolved, and your system should boot without errors

Additional Resources

• Technical Assistance: For more detailed instructions and assistance, refer to this post by the Technical Assistance team: LinkedIn Post.
• Community Discussion: A discussion thread related to this issue can be found on Reddit, where users share their experiences and solutions: Reddit Article.
• Latest Updates: Stay informed about any new developments or updates regarding this issue by visiting: Update Link.

For IT Administrators

• Consider pushing out the fix via group policy or other management tools to affected systems.
• Monitor your network for systems experiencing this issue and prioritize remediation.

As this is an evolving situation, it's crucial to stay informed about the latest developments and official recommendations from CrowdStrike and Microsoft. Check the provided links for the most up-to-date information and any official patches or fixes that may become available.

#windows #crowdstrike