Docs

Windows Systems Crash After Faulty CrowdStrike Update

July 22, 20242 min read

The recent computer outages caused by a faulty CrowdStrike software update have significantly impacted various sectors, including airports, emergency systems, hospitals, and Microsoft 365 users. Here is a simplified explanation with more details for clarity:

8 Reasons

What Happened?

A recent update from CrowdStrike caused many Windows systems to crash and display a blue screen error. This was not a cyberattack or security breach but a problem with the update itself.


Affected Sectors

  • Airports

  • Emergency systems

  • Hospitals

  • Microsoft 365 users


These sectors are struggling without access to their networks and data, which they rely on for daily operations.


CrowdStrike's Response

CrowdStrike has identified the issue and is providing updates and potential fixes through their support portal. They recommend following official channels to avoid misinformation and potential exploitation by cybercriminals.


Steps to Fix the Issue

If your customers are experiencing the blue screen error, CrowdStrike suggests the following steps:

1. Boot Windows into Safe Mode or the Windows Recovery Environment.

2. Navigate to "C:\Windows\System32\drivers\CrowdStrike".

3. Delete the file matching "C-00000291*.sys".

4. Reboot the system normally.


Additional Guidance


  • Do not attempt any fixes unless authorized by your IT or cybersecurity team. These steps should only be performed by qualified personnel.

  • Some users may need a local admin account to complete step 1, which might be disabled for security reasons. Check the CrowdStrike Windows Host Update Page for further instructions.

  • Ensure all communications are through official CrowdStrike channels to avoid misinformation.


Why Some Customers Are Not Affected

Some providers delay updates to assess their impact before deployment. For example, Cybersafe reviews updates carefully to minimize risks. Customers using different cybersecurity providers or policies may not be affected by this update.


Importance of Redundancy and Backups

Even with the best practices, unexpected issues like this can occur. Encourage your customers to have robust backup and redundancy strategies to ensure business continuity and minimize the impact of such incidents.


Business Risk and Risk Management

Mistakes can happen even with well-respected companies. It's crucial for businesses to have a structured approach to risk management, including identifying, assessing, and mitigating potential threats. No single product can guarantee complete safety, so it's essential to have comprehensive policies and strategies in place.


By following these steps and maintaining open communication with trusted vendors, organizations can navigate this outage more effectively and minimize disruptions to their operations.


Citations:

[1] https://www.crowdstrike.com/blog/technical-details-on-todays-outage/

[2] https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts/

[3] https://www.crowdstrike.com/blog/our-statement-on-todays-outage/

[4] https://techcrunch.com/2024/07/19/faulty-crowdstrike-update-causes-major-global-it-outage-taking-out-banks-airlines-and-businesses-globally/

[5] https://www.cnbc.com/2024/07/19/what-is-crowdstrike-crwd-and-how-did-it-cause-global-it-outages.html


Back to Blog