| ⓘ This advisory addresses a recent update to CrowdStrike’s Falcon sensor which has led to widespread Blue Screen of Death errors. |
Attention Microsoft service users:
A recent update to CrowdStrike’s Falcon sensor has led to widespread Blue Screen of Death (BSOD) errors on Windows hosts, resulting in disruptions locally to several services, including payment processing, and global disruptions. CrowdStrike has deployed a fix for this issue and recommends that customers visit the support portal for the latest updates.
| Workarounds |
Individual Hosts:
- Boot into Safe Mode or Windows Recovery Environment.
- Navigate to C:\Windows\System32\drivers\CrowdStrike.
- Delete the file matching “C-00000291*.sys”.
- Reboot your system.
Cloud or Virtual Environments:
Option 1:
- Detach the operating system disk volume from the impacted virtual server.
- Create a snapshot or backup of the disk volume.
- Attach/mount the volume to a new virtual server.
- Navigate to the %WINDIR%\System32\drivers\CrowdStrike directory.
- Locate and delete the file matching “C-00000291*.sys”.
- Detach the volume from the new virtual server.
- Reattach the fixed volume to the impacted virtual server.
Option 2:
- Roll back to a snapshot taken before 0409 UTC.
|
We will continue to update, as we know more. Should you need any cybersecurity assistance, please do not hesitate to reach out to us at [email protected] or at https://www.cirt.bs/report/.
For the latest information on this issue, please visit:
Best,
|
