CrowdStrike file update bricks Windows machines around the world

Falcon Sensor putting hosts into deathloop - but there's a workaround


Updated: An update to a product from infosec vendor CrowdStrike is bricking computers running Windows globally.

The Register has found numerous accounts of Windows 10 PCs crashing, displaying the Blue Screen of Death, then being unable to reboot.

“We're seeing BSOD Org wide that are being caused by csagent.sys, and it's taking down critical services. I'll open a ticket, but this is a big deal,” wrote one user.

Forums report that CrowdStrike has issued an advisory with a URL that includes the text "Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19" – but it's behind a regwall that only customers can access.

An apparent screenshot of that article reads "CrowdStrike is aware of reports of crashes on Windows hosts related to the Falcon Sensor. Symptoms include hosts experiencing a bugcheck\blue screen error related to the Falcon Sensor."

CrowdStrike's engineers are working on the issue.

Falcon Sensor is an agent that CrowdStrike claims "blocks attacks on your systems while capturing and recording activity as it happens to detect threats fast."

Right now, however, the sensor appears to be the threat.

This is a developing story and The Register will update it as new info comes to hand. ®

Updated at 0730 UTC to add

Brody Nisbet, CrowdStrike's chief threat hunter, has confirmed the issue and on X posted the following:

There is a faulty channel file, so not quite an update. There is a workaround...

1. Boot Windows into Safe Mode or WRE.

2. Go to C:\Windows\System32\drivers\CrowdStrike

3. Locate and delete file matching "C-00000291*.sys"

4. Boot normally.

In a later post he wrote "That workaround won't help everyone though and I've no further actionable help to provide at the minute".
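
Steps 2 and 3 of the quoted workaround, as an added PowerShell example that is not CrowdStrike's or The Register's code. It assumes an administrator PowerShell prompt in Safe Mode; the function name and parameters are hypothetical, and checking every mounted volume instead of only C: is an assumption of this example.

```powershell
# Added example, not vendor tooling. Assumes an elevated PowerShell prompt in Safe Mode.
function Remove-FaultyChannelFile {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # File pattern from step 3 of the workaround.
        [string]$Pattern = 'C-00000291*.sys',
        # Directory from step 2, relative to the volume root.
        [string]$RelativeDir = 'Windows\System32\drivers\CrowdStrike'
    )

    # Assumption: the Windows volume may not be mounted as C:, so check each drive.
    $dirs = Get-PSDrive -PSProvider FileSystem |
        ForEach-Object { Join-Path $_.Root $RelativeDir } |
        Where-Object { Test-Path -LiteralPath $_ -PathType Container }

    if (-not $dirs) {
        Write-Warning "No '$RelativeDir' directory found on any mounted volume."
        return
    }

    foreach ($dir in $dirs) {
        # -Filter can also match on 8.3 short names, so re-check the long name with -like.
        $files = Get-ChildItem -LiteralPath $dir -Filter $Pattern -File -Force |
            Where-Object { $_.Name -like $Pattern }

        if (-not $files) {
            Write-Verbose "No file matching $Pattern in $dir"
            continue
        }

        foreach ($f in $files) {
            # Honors -WhatIf and -Confirm, so nothing is deleted during a preview run.
            if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete channel file')) {
                Remove-Item -LiteralPath $f.FullName -Force
                # Emit a record of each deletion for the incident log.
                [pscustomobject]@{
                    Path             = $f.FullName
                    LastWriteTimeUtc = $f.LastWriteTimeUtc
                    Removed          = $true
                }
            }
        }
    }
}

# Preview what would be deleted; rerun without -WhatIf to delete (prompts per file).
Remove-FaultyChannelFile -WhatIf
```

Only files whose names match the pattern in the workaround are touched; every other channel file in the directory is left in place.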
