Your IT Department Might Need Your Help Fixing the CrowdStrike Outage
Businesses around the world woke up today to harsh news, as their fleets of Windows machines booted up to the dreaded “blue screen of death” error. The issue had nothing to do with a cyberattack or even failing hardware, but a faulty update issued by cybersecurity firm CrowdStrike.
Even worse, the fixes being shared right now mostly require intervention on a per-user basis, so it’s going to be a long day for IT. If you’re currently working on fixing your business’ fleet of Windows machines, or are getting a BSoD on your own company-issued device, here’s how people are solving the issue.
How to fix CrowdStrike's blue screen of death on your PC
First, CrowdStrike itself has already rolled back the update, but many machines are locking up before they receive the fix. There are two workarounds to this floating around the IT sphere this morning, but both are difficult to roll out automatically.
The simplest fix is the oldest one known to IT: Have you tried turning it off and back on again? Some IT professionals are reporting success with simply rebooting affected PCs over and over again. That’s because PCs will try to contact CrowdStrike’s servers for the fix before they get hit with a blue screen.
However, as the scale of the error means CrowdStrike’s servers are probably getting millions of requests at once, there’s no guarantee you’ll be high enough in line to get the fix before your PC locks up. You could be rebooting for a while.
The second solution is more reliable, but could be complicated based on how your business handles remote work and disk encryption.
In a guide posted by CrowdStrike, users are instructed to do the following:
- Boot Windows into Safe Mode or the Windows Recovery Environment
- Navigate to the CrowdStrike directory, usually found in C:\Windows\System32\drivers\CrowdStrike
- Delete the file named “C-00000291*sys”
- Reboot the computer
This will get rid of the file causing the issue, but comes with its own caveats. The biggest problem is that putting a PC into Safe Mode or a recovery environment usually requires physical access to the device, so IT can’t just issue a mass update and be done with it. Also, even if users get in, they may not have the needed admin rights to delete the faulty file.
But there are also issues with BitLocker disk encryption, which if enabled, will require you to log into your Microsoft account and grab a recovery key before you can move on with the fix—something users on company PCs may not have access to.
Still, even if you’re not in your company's IT department, pay attention to any messages they may be sending out right now. Your friendly neighborhood tech nerds could need your help to get your PC back up and running.
Meanwhile, CrowdStrike is busy running damage control, with CEO George Kurtz appearing in an NBC News interview to say “It could be some time for some systems that won’t automatically recover, but it is our mission to make sure every customer is fully recovered.”
Despite CrowdStrike's efforts to roll back the faulty update, some machines are still encountering the blue screen of death before receiving the fix. Some IT professionals are managing to resolve this issue by repeatedly rebooting the affected PCs, as they attempt to contact CrowdStrike's servers for the fix before the blue screen appears.
If you're experiencing the blue screen issue on a PC with BitLocker disk encryption, you'll need to log into your Microsoft account and retrieve a recovery key to proceed with the fix, as physical access to the device might be required.