Security News Crowdstrike update causes Windows Enterprise computer outage worldwide

SpiderWeb

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 21, 2020
615
A large number of major organizations around the world that rely on Crowdstrike Falcon for security have come to a screeching halt as the endpoint client received an update today. Affected workstations are greeted by a Blue Screen of Death caused by "csagent.sys", the Crowdstrike Falcon system-level driver.

Official announcement on their portal: https://supportportal.crowdstrike.c...s-crashes-related-to-Falcon-Sensor-2024-07-19
 

Browchay

New Member
Jul 19, 2024
1
Worldwide crash on Crowdstrike as they move into the ransomware business :-D

An older fix from the last time this happened... Rename the win32 crowdstrike driver folder... boot to safe mode and command prompt
 

Alexius

New Member
Jul 19, 2024
1
> A large number of major organizations around the world that rely on Crowdstrike Falcon for security have come to a screeching halt as the endpoint client received an update today. Affected workstations are greeted by a Blue Screen of Death caused by "csagent.sys", the Crowdstrike Falcon system-level driver.
>
> Official announcement on their portal: https://supportportal.crowdstrike.c...s-crashes-related-to-Falcon-Sensor-2024-07-19

Can't access the support portal and my laptop won't start with their stupid error. So if you do have access to the support portal message copy pasta it here so we can see as well.
 

narek138

New Member
Jul 19, 2024
5
> Worldwide crash on Crowdstrike as they move into the ransomware business :-D
>
> An older fix from the last time this happened... Rename the win32 crowdstrike driver folder... boot to safe mode and command prompt

More detailed steps on that fix, bro? Facing this issue at the moment.
 

cartaphilus

Level 12
Verified
Top Poster
Well-known
Mar 17, 2023
589
If you are running personal then yeah, use any fix, but if you are in a corporate environment then I would wait for the official solution. It just happened, so give them a few to hopefully push a patch?

Otherwise, are you running BitLocker or any encryption on the boot system?

If not, then do you have access to another PC? There you can make a bootable Linux USB. Boot into it, navigate to the Crowdstrike directory, find the win32 folder and rename it to win23. Then restart the PC and boot into Windows.
 

royalram8ram

New Member
Jul 19, 2024
1
> Can't access the support portal and my laptop won't start with their stupid error. So if you do have access to the support portal message copy pasta it here so we can see as well.

If you’re stuck in a Blue Screen of Death or Recovery loop, boot into Safe Mode and rename the crowdstrike folder c:\windows\system32\drivers\crowdstrike to something else, and reboot your PC. This will resolve the Blue Screen of Death error.
 

jalr85

New Member
Jul 19, 2024
1
> Can't access the support portal and my laptop won't start with their stupid error. So if you do have access to the support portal message copy pasta it here so we can see as well.

[Attachment: IMG_6814.jpeg]

SpiderWeb

Level 13
Thread author
Verified
Top Poster
Well-known
Aug 21, 2020
615
> Okay, then I guess we will need to wait. Please post a fix here as well, Support portal is not working out for me.

Apologies. I was trying to find a reliable and official source for a temporary solution. I think this post from Crowdstrike staff on Reddit is the best so far:



11:27 PM PT:

CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.

Workaround Steps:

  1. Boot Windows into Safe Mode or the Windows Recovery Environment
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  3. Locate the file matching “C-00000291*.sys”, and delete it.
  4. Boot the host normally.

Support Forum message:

msg.png


Blue Screen of Death:

IMG_5102.jpg
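
The workaround steps quoted in the post above, written as a script (an added example, not part of the original thread and not CrowdStrike's own tooling). It assumes an elevated PowerShell session in Safe Mode with the system volume already unlocked; the `-SystemDrive` and `-Apply` parameters are hypothetical names introduced here, and without `-Apply` the script only reports what it would delete.

```powershell
# Added example: run from an elevated PowerShell prompt in Safe Mode.
# -SystemDrive and -Apply are parameters of this sketch, not vendor tooling.
param(
    [string]$SystemDrive = 'C:',   # assumption: the Windows volume letter may differ in recovery
    [switch]$Apply                 # without -Apply the script only reports
)

$dir     = Join-Path "$SystemDrive\" 'Windows\System32\drivers\CrowdStrike'
$pattern = 'C-00000291*.sys'       # file pattern from the workaround steps

if (-not (Test-Path -LiteralPath $dir)) {
    Write-Error "Directory not found: $dir (wrong drive letter, or volume still locked?)"
    return
}

# Match only the named pattern; every other file in the directory is left alone.
$targets = @(Get-ChildItem -LiteralPath $dir -Filter $pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No file matching $pattern in $dir; nothing to do."
    return
}

foreach ($f in $targets) {
    # Record name, size, timestamp and hash before removal, for the incident record.
    $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    Write-Output ("{0}  {1} bytes  {2:u}  SHA256={3}" -f $f.Name, $f.Length, $f.LastWriteTimeUtc, $hash)
    if ($Apply) {
        Remove-Item -LiteralPath $f.FullName -Force
        Write-Output "  deleted"
    } else {
        Write-Output "  would delete (re-run with -Apply)"
    }
}
```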
 

Rogan

New Member
Jul 19, 2024
1

> Workaround Steps:
>
>   1. Boot Windows into Safe Mode or the Windows Recovery Environment
>   2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
>   3. Locate the file matching “C-00000291*.sys”, and delete it.
>   4. Boot the host normally.
 

narek138

New Member
Jul 19, 2024
5

Chesty Puller

New Member
Jul 19, 2024
1

> Workaround Steps:
>
>   1. Boot Windows into Safe Mode or the Windows Recovery Environment
>   2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
>   3. Locate the file matching “C-00000291*.sys”, and delete it.
>   4. Boot the host normally.

I'm trying to get permission from my IT before I do that, I've been on hold for an hour now... This is gonna cost a lot of people a lot of money.
 

techie92354

New Member
Jul 19, 2024
1
> A large number of major organizations around the world that rely on Crowdstrike Falcon for security have come to a screeching halt as the endpoint client received an update today. Affected workstations are greeted by a Blue Screen of Death caused by "csagent.sys", the Crowdstrike Falcon system-level driver.
>
> Official announcement on their portal: https://supportportal.crowdstrike.c...s-crashes-related-to-Falcon-Sensor-2024-07-19

Link on Crowdstrike website not publicly accessible. You have to have a support login.
 
