
A global outage is under way today: Microsoft Windows PCs have crashed and cannot start, leaving users and organisations staring at the infamous Blue Screen of Death (BSOD). The outage was caused by a faulty update pushed out by CrowdStrike, a security platform.
It’s still early, but there is a solution or a workaround for the issue. In this article, we look at how to fix the BSOD issue and what caused this global outage, which has halted the world and impacted several industries.
What is the Microsoft Windows BSOD Issue?
Microsoft Windows users worldwide are experiencing the Blue Screen of Death. Laptops and PCs cannot boot up. This issue has caused widespread Windows outages worldwide, and many industries, including airlines, banking, media, stock exchanges, IT companies, and more, are at a standstill. In many cases, hospitals are unable to function as well.
CrowdStrike has now issued a statement on the same. The statement, which was also posted on the company’s X handle, reads: “CrowdStrike is actively working with customers impacted by a defect found in a single content update for Windows hosts. Mac and Linux hosts are not impacted. This is not a security incident or cyberattack. The issue has been identified and isolated, and a fix has been deployed.”
“We refer customers to the support portal for the latest updates and will continue to provide complete and continuous updates on our website. We further recommend organizations ensure they’re communicating with CrowdStrike representatives through official channels. Our team is fully mobilized to ensure the security and stability of CrowdStrike customers.”
Microsoft CEO Satya Nadella also put out a statement on X that reads: “Yesterday, CrowdStrike released an update that began impacting IT systems globally. We are aware of this issue and are working closely with CrowdStrike and across the industry to provide customers technical guidance and support to safely bring their systems back online.”
What is the CrowdStrike issue?
The widespread issue with Microsoft Windows is caused by a cybersecurity platform called CrowdStrike. According to the official CrowdStrike support article, the defect is in the platform’s Falcon Sensor. The article is locked behind a login wall, but users have posted screenshots of it on X.
Falcon Sensor isn’t a hardware sensor but part of the CrowdStrike platform. According to Microsoft Regional Director Troy Hunt, CrowdStrike is a security platform with different cyber security products, such as EDR, which is end-point protection. As Hunt explained in his thread on X.com, think of this as an advanced version of the good old antivirus.
More importantly, as Troy has pointed out, this is not a Microsoft outage but a CrowdStrike outage. CrowdStrike is widely used by big businesses worldwide and affects major industries. As Hunt points out, the problem is that the CrowdStrike software has privileged access to machines.
Advanced security platforms like this are continuously auto-updated to fight the latest threats. They also operate with higher privileges to mitigate those threats, which can backfire if something goes wrong with the program, and that’s exactly what happened here: one particular update has gone horribly wrong and shut down the world.
Check out Hunt’s posts below:
They also usually operate in what we’d call a “privileged” space on your machine, that is they have very broad-reaching control in order to detect and mitigate risks. That also means that if something goes wrong with an update, it’s able to catastrophically nuke your machine.
— Troy Hunt (@troyhunt) July 19, 2024
To clarify further, Troy Hunt isn’t a Microsoft employee; he is one of the independent regional directors. However, Hunt is also known for his expertise in cybersecurity.
How to Fix Microsoft Windows BSOD Issue Caused by CrowdStrike
The CrowdStrike subreddit has posted a fix under the issue’s official thread, and the moderator has pinned the workaround.
Here are the workaround steps:
- Boot Windows into Safe Mode or the Windows Recovery Environment.
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
- Locate all the files matching “C-00000291*.sys”
- Delete the files.
This reverses the latest update.
NOTE: This fix is meant for IT admins. If you’re on a work laptop, you need administrator privileges to access Safe Mode in Windows, so you won’t be able to carry out these workaround steps with your employee account.
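The workaround steps above as a PowerShell script for an elevated prompt in Safe Mode, which also keeps a record of what was removed. This is an added example, not code from CrowdStrike or the original article; the -WindowsRoot and -RecordPath parameters and the CSV record are assumptions introduced here.

```powershell
# Added example, not CrowdStrike tooling. Run from an elevated prompt in Safe Mode.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumption: Windows lives at C:\Windows. If the OS volume is mounted under
    # another drive letter (e.g. an offline disk), pass -WindowsRoot explicitly.
    [string]$WindowsRoot = 'C:\Windows',
    # Hypothetical location for the removal record (not part of the workaround).
    [string]$RecordPath = (Join-Path $env:TEMP 'channel-file-removal.csv')
)

$dir     = Join-Path $WindowsRoot 'System32\drivers\CrowdStrike'
$pattern = 'C-00000291*.sys'   # pattern given in the workaround steps

if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
    Write-Warning "Directory not found: $dir (sensor not installed, or wrong drive letter)"
    return
}

# -Filter keeps the match to the one pattern; nothing else in the folder is touched.
$files = @(Get-ChildItem -LiteralPath $dir -Filter $pattern -File -Force)
if ($files.Count -eq 0) {
    Write-Output "No files matching $pattern in $dir; nothing to do."
    return
}

# Record what is about to be removed: name, size, UTC write time, SHA-256.
$record = foreach ($f in $files) {
    [pscustomobject]@{
        Host         = $env:COMPUTERNAME
        Name         = $f.Name
        Length       = $f.Length
        LastWriteUtc = $f.LastWriteTimeUtc.ToString('o')
        SHA256       = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}
$record | Export-Csv -LiteralPath $RecordPath -NoTypeInformation -Append

foreach ($f in $files) {
    if ($PSCmdlet.ShouldProcess($f.FullName, 'Delete channel file')) {
        Remove-Item -LiteralPath $f.FullName -Force
    }
}

# Re-check so the operator sees whether a normal boot can be attempted.
$left = @(Get-ChildItem -LiteralPath $dir -Filter $pattern -File -Force)
Write-Output ("Matched {0}; remaining after run: {1}" -f $files.Count, $left.Count)
```

Running it with -WhatIf first lists the files that would be deleted without removing anything or writing the record.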
These steps were first posted to the CrowdStrike Support Portal, which is locked behind a login page; you can view the page after logging in as an IT admin. Brody, CrowdStrike’s Director of Overwatch, has acknowledged the fix on X.
There is a faulty channel file, so not quite an update.
There is a workaround…
1. Boot Windows into Safe Mode or WRE.
2. Go to C:\Windows\System32\drivers\CrowdStrike
3. Locate and delete file matching “C-00000291*.sys”
4. Boot normally. 1/2
— Brody (@brody_n77) July 19, 2024
The Indian Computer Emergency Response Team (CERT-In) has also acknowledged the same fix and issued an advisory for all Indian citizens facing the issue. The Honorable Union Minister of India for Railways, Information and Broadcasting, Ashwini Vaishnaw, has announced this advisory via X.
CERT-In advisory on the outage of Microsoft. https://t.co/QFo6oGqlCG pic.twitter.com/7vmR80cEII
— Ashwini Vaishnaw (@AshwiniVaishnaw) July 19, 2024
The same Reddit thread notes that, according to CrowdStrike, its engineering team has identified an issue with content deployment and has reverted the changes. However, laptops and PCs that are already affected still need the workaround steps to be fixed.
In the meantime, Microsoft 365 Cloud services also faced a separate outage this morning. Microsoft has issued a statement about that issue, and services seem to be getting back online now, as per Cloud Status and the statement. Here’s that tweet:
We’re investigating an issue impacting users ability to access various Microsoft 365 apps and services. More info posted in the admin center under MO821132 and on https://t.co/W5Y8dAkjMk
— Microsoft 365 Status (@MSFT365Status) July 18, 2024