What caused the CrowdStrike Windows BSOD issue, and why it led to total system crashes

The world is still recovering from one of history’s most disruptive IT outages. Millions of critical Windows-based systems across the globe are experiencing the dreaded Blue Screen of Death (BSOD). The system crashes affect banks, airlines, emergency services, supermarkets, and businesses, putting computers into an endless boot loop with no immediate means of recovery.

The issue was quickly traced to CrowdStrike, which creates security software. An update to its popular security platform, Falcon, broke, leading to one of history’s most extensive IT failures. The ‘Falcon Sensor’ component critically failed, resulting in no access to Windows. Critical systems used for point of sale, emergency services like 911, and airlines managing flights were rendered useless.

With the affected systems being Windows PCs, many have pointed fingers at Microsoft. However, the issue looks specific to CrowdStrike software and its update to ‘Falcon Sensor.’ So how did this crash Windows, when other apps that fail simply Crash to Desktop (CTD)? And how can you fix the CrowdStrike BSOD issue? Let’s dig in.

Here’s what caused the CrowdStrike Windows BSOD issue

  • CrowdStrike Falcon is cybersecurity software designed to identify threats to a system and network and effectively block them. As such, the Falcon Sensor component runs in Kernel Mode, the low-level, system-level mode with unrestricted access to hardware.
  • Most applications and pieces of software run in User Mode with limited CPU and Memory access, so when processes run in Kernel Mode, issues can cause system-wide crashes.
  • This is called a Kernel Panic: Windows cannot recover from the failure, which causes a crash and, in this case, a BSOD shutdown. The faulty driver for Falcon Sensor has been identified: its file name starts with “C-00000291” and ends in .sys, and it has been found addressing invalid memory space.
  • Device drivers like this load during PC startup when the computer boots up, which makes the CrowdStrike Falcon failure particularly noteworthy, as Windows cannot start up correctly. And so what should have been a simple update to CrowdStrike Falcon and the Falcon Sensor component has led to millions of PCs being affected.
  • The good news is that there’s an easy fix that requires accessing the Windows Recovery Environment or Windows RE.

How to fix the CrowdStrike Windows BSOD issue

As our article outlines, you need to enter the Windows Recovery Environment.

  • To enter Windows Recovery, you must force multiple failed start-up attempts by holding the power button to switch off the PC when you see the first boot-up screen or logo.
  • Repeat this process twice, and you’ll be presented with the Windows Recovery Environment screen.
  • Select Troubleshoot, Advanced Options, Startup Settings, and Restart from the options.
  • Press F5 or select Option 5 to boot the computer in Safe Mode with Networking.
  • Once in Safe Mode, open File Manager.
  • On the main drive ‘C’ head to Windows, the System32 folder, drivers, and CrowdStrike (C:\Windows\System32\drivers\CrowdStrike).
  • Delete files starting with “C-00000291” and ending in .sys
  • Reboot the PC, and Windows should start as usual.
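
The file-removal steps above can also be run as a script. This is an added example, not code from the article, CrowdStrike or Microsoft. It assumes an elevated PowerShell prompt in Safe Mode, and the log file location is an assumption you can change. It records each matching file's name, size, timestamp and hash before deleting it, and supports -WhatIf for a dry run.

```powershell
#Requires -RunAsAdministrator
# Added example: remove the faulty Falcon Sensor files named in the steps above,
# keeping a record of what was removed. Run from Safe Mode.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Folder and file pattern are the ones given in the article.
    [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
    [string]$Pattern   = 'C-00000291*.sys',
    # Assumed location for the removal record; not from the article.
    [string]$LogPath   = "$env:SystemDrive\crowdstrike-291-removal.csv"
)

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Warning "Folder not found: $DriverDir. Nothing to do."
    return
}

# Only files directly in the CrowdStrike folder that match the pattern.
$targets = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File)
if ($targets.Count -eq 0) {
    Write-Output "No files matching $Pattern in $DriverDir."
    return
}

# Capture name, size, timestamp and SHA-256 before anything is deleted.
$record = foreach ($f in $targets) {
    [pscustomobject]@{
        Name         = $f.Name
        Length       = $f.Length
        LastWriteUtc = $f.LastWriteTimeUtc.ToString('o')
        SHA256       = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}
$record | Format-Table -AutoSize | Out-String | Write-Output
# Under -WhatIf, Export-Csv only reports what it would write.
$record | Export-Csv -LiteralPath $LogPath -NoTypeInformation -Append

foreach ($f in $targets) {
    # ShouldProcess honours -WhatIf and -Confirm for each file.
    if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete')) {
        Remove-Item -LiteralPath $f.FullName -Force
    }
}

# Confirm the result before rebooting.
$left = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File)
Write-Output "Matching files remaining: $($left.Count). Reboot when this is zero."
```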