Crowdstrike update causes Windows Enterprise computer outage worldwide

SpiderWeb

A large number of major organizations around the world that rely on Crowdstrike Falcon for security have come to a screeching halt as the endpoint client received an update today. Affected workstations are greeted by a Blue Screen of Death caused by "csagent.sys", the Crowdstrike Falcon system-level driver.

Official announcement on their portal: https://supportportal.crowdstrike.c...s-crashes-related-to-Falcon-Sensor-2024-07-19
 
Worldwide crash on Crowdstrike as they move into the ransomware business :-D

An older fix from the last time this happened: rename the win32 crowdstrike driver folder ... boot to safe mode and command prompt
 
A large number of major organizations around the world that rely on Crowdstrike Falcon for security have come to a screeching halt as the endpoint client received an update today. Affected workstations are greeted by a Blue Screen of Death caused by "csagent.sys", the Crowdstrike Falcon system-level driver.

Official announcement on their portal: https://supportportal.crowdstrike.c...s-crashes-related-to-Falcon-Sensor-2024-07-19
Can't access the support portal and my laptop won't start with their stupid error. So if you do have access to the support portal message copy pasta it here so we can see as well.
 
Worldwide crash on Crowdstrike as they move into the ransomware business :-D

An older fix from the last time this happened: rename the win32 crowdstrike driver folder ... boot to safe mode and command prompt
More detailed steps on that fix, bro? Facing this issue at the moment.
 
If you are running a personal machine then yeah, use any fix, but if you are in a corporate environment then I would wait for the official solution. It just happened, so give them a few to hopefully push a patch?

Otherwise, are you running BitLocker or any encryption at boot?

If not, then do you have access to another PC? There you can make a bootable Linux USB. Boot into it, navigate to the CrowdStrike directory, find the win32 folder and rename it to win23. Then restart the PC and boot into Windows.
 
Can't access the support portal and my laptop won't start with their stupid error. So if you do have access to the support portal message copy pasta it here so we can see as well.
If you’re stuck in a Blue Screen of Death or Recovery loop, boot into Safe Mode and rename the crowdstrike folder c:\windows\system32\drivers\crowdstrike to something else, and reboot your PC. This will resolve the Blue Screen of Death error.
 
Okay, then I guess we will need to wait. Please post a fix here as well; the support portal is not working out for me.
 
Go into safe mode, or CMD: C:\Windows\System32\Drivers. Rename Crowdstrike to Crowdstrike_something. Start Windows.
 
Okay, then I guess we will need to wait. Please post a fix here as well; the support portal is not working out for me.
Apologies. I was trying to find a reliable and official source for a temporary solution. I think this Crowdstrike staff on Reddit is the best so far:



11:27 PM PT:

CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.

Workaround Steps:

  1. Boot Windows into Safe Mode or the Windows Recovery Environment
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  3. Locate the file matching “C-00000291*.sys”, and delete it.
  4. Boot the host normally.

Support Forum message:

msg.png


Blue Screen of Death:

IMG_5102.jpg
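
Added example, not part of the original post or of CrowdStrike's guidance: a POSIX shell version of the workaround steps above for the Linux live-USB route mentioned earlier in the thread. It assumes the Windows volume is already unlocked (if BitLocker is in use) and mounted read-write at a path you pass in; the function names and the dry-run/`--apply` behaviour are choices made for this example.

```shell
#!/bin/sh
# Assumption: $1 is the mount point of the Windows system volume
# (for example /mnt/win, a hypothetical path).

# Print the CrowdStrike driver directory under a mounted Windows root.
# A Linux mount of the volume is typically case-sensitive, so every path
# component is matched case-insensitively.
find_cs_dir() {
    dir=$1
    for part in Windows System32 drivers CrowdStrike; do
        dir=$(find "$dir" -mindepth 1 -maxdepth 1 -type d -iname "$part" | head -n 1)
        [ -n "$dir" ] || return 1
    done
    printf '%s\n' "$dir"
}

# List only the files the workaround names (C-00000291*.sys); the driver
# itself and other C-*.sys files in the directory are never selected.
list_channel_files() {
    cs_dir=$(find_cs_dir "$1") || return 1
    find "$cs_dir" -maxdepth 1 -type f -iname 'C-00000291*.sys' | sort
}

# remove_channel_files ROOT [--apply]
# Without --apply this is a dry run that only reports what would be deleted.
# Returns 2 if the directory is missing, 1 if no file matches.
remove_channel_files() {
    files=$(list_channel_files "$1") || {
        echo "CrowdStrike directory not found under $1" >&2
        return 2
    }
    [ -n "$files" ] || { echo "no matching file, nothing to do" >&2; return 1; }
    printf '%s\n' "$files" | while IFS= read -r f; do
        if [ "${2:-}" = "--apply" ]; then
            rm -- "$f" && echo "deleted: $f"
        else
            echo "would delete: $f"
        fi
    done
}
```

Run `remove_channel_files /mnt/win` first to review the match, then repeat with `--apply` and reboot the host normally.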
 

Workaround Steps:

  1. Boot Windows into Safe Mode or the Windows Recovery Environment
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  3. Locate the file matching “C-00000291*.sys”, and delete it.
  4. Boot the host normally.
I'm trying to get permission from my IT before I do that, I've been on hold for an hour now... This is gonna cost a lot of people a lot of money.
 
A large number of major organizations around the world that rely on Crowdstrike Falcon for security have come to a screeching halt as the endpoint client received an update today. Affected workstations are greeted by a Blue Screen of Death caused by "csagent.sys", the Crowdstrike Falcon system-level driver.

Official announcement on their portal: https://supportportal.crowdstrike.c...s-crashes-related-to-Falcon-Sensor-2024-07-19
Link on Crowdstrike website not publicly accessible. You have to have a support login.