CrowdStrike update bricking Windows machines around the world- How to Fix?

Your device ran into a problem and needs to restart. bsod

Introduction

In a recent turn of events, an update to a product from infosec vendor CrowdStrike has wreaked havoc on Windows machines worldwide. Users are reporting Blue Screen of Death (BSOD) errors, rendering their PCs unable to reboot. Let’s dive into the details and explore potential workarounds.

The Situation

What Happened?

– Windows 10 PCs are crashing due to a specific driver file called `csagent.sys`.
– Critical services are being affected, leading to widespread disruptions.
– Users are alarmed, and the issue is gaining attention.

CrowdStrike’s Response:

– CrowdStrike acknowledges the problem.
– They’ve issued an advisory with a cryptic URL: “Tech-Alert-Windows-crashes-related-to-Falcon-Sensor-2024-07-19.”
– Unfortunately, the advisory is behind a customer-only registration wall.

Symptoms and Impact

Symptoms:

– Hosts experience sudden BSOD errors tied to the Falcon Sensor.
– The culprit appears to be the `csagent.sys` file.
– Machines become unresponsive, leaving users frustrated.

Impact:

– Critical services are disrupted.
– Organizations face productivity losses.
– IT teams scramble to find solutions.

CrowdStrike’s Action Plan

Identifying the Issue:

– CrowdStrike’s engineering team traced the problem to a content deployment.
– They’ve pinpointed the changes causing the crashes.

Reverting Changes:

– CrowdStrike has rolled back the problematic updates.
– However, some hosts continue to crash.

Workaround Steps

If you’re affected by this issue, follow these steps:

1. Boot into Safe Mode or Recovery Environment:

– Restart your Windows machine.
– Press F8 during boot to access the Advanced Boot Options menu.
– Choose “Safe Mode” or “Windows Recovery Environment.”

2. Navigate to the CrowdStrike Directory:

– Once in Safe Mode, open File Explorer.
– Go to `C:\Windows\System32\drivers\CrowdStrike`.

3. Locate the Problematic File:

– Look for a file matching the pattern “C-00000291.sys.”
– Right-click on it and rename it to “C-00000291.renamed.”

4. Reboot Normally:

– Exit Safe Mode and restart your PC.
– Hopefully, the issue is resolved.

Conclusion

CrowdStrike is actively addressing the situation, but until a comprehensive fix is available, follow the workaround steps to keep your Windows machine operational. Stay tuned for updates, and remember to back up your data regularly!

Leave a Comment

Your email address will not be published. Required fields are marked *

Exit mobile version