CrowdStrike Update Triggers Blue Screen of Death on Windows, Impacting Numerous Users

A growing number of media companies, tech firms, and educational institutions this morning are experiencing the notorious Blue Screen of Death (BSOD) on Windows 10 systems. Affected PCs are becoming stuck on the “Recovery” screen, displaying the message: “It looks like Windows didn’t load correctly. If you’d like to restart and try again, choose Restart my PC below.”

This widespread Windows 10 BSOD issue has been traced back to a recent CrowdStrike update. CrowdStrike, as you may already know, are a provider of endpoint protection and cyber security services, which is widely used across numerous industries. However, the latest update for CrowdStrike sensors is causing significant disruptions, leaving many organisations scrambling for solutions.

This morning, (Friday 19th July 2024), social media users have shared pictures of their screens stuck on the recovery page, displaying the message: "It looks like Windows didn't load correctly. If you'd like to restart and try again, choose Restart my PC below."

The issue is affecting various businesses including within the US. Major US carriers, including American Airlines, Delta Airlines, and United Airlines, implemented ground stops this morning due to communication issues.

What is the blue screen of death?

The Blue Screen of Death (BSOD) is a critical error screen displayed by the Microsoft Windows operating system when a severe system error occurs. This error, officially known as a "Stop Error," forces the computer to restart, effectively halting all operations and preventing further damage to the system. The BSOD is characterised by a blue screen with white text, detailing the error code and often providing technical information that can help diagnose the underlying issue.

Can this error be fixed?

CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes. If hosts are still crashing and unable to stay online to receive the Channel File Changes, the following steps can be used to workaround this issue:


Workaround Steps:

- Boot Windows into Safe Mode or the Windows Recovery Environment
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
- Locate the file matching “C-00000291*.sys”, and delete it.
- Boot the host normally.

CrowdStrike periodically updates its software, known as sensors, which are installed on client machines to provide endpoint protection. However, the recent update caused an issue with the csagent.sys file.

Crowdstike has acknowledged the issue and provided the following statement: Hello everyone – We have widespread reports of BSODs on windows hosts, occurring on multiple sensor versions. Investigating cause. TA will be published shortly.

Latest insights and articles

As part of our ambitious growth plans, we are seeking an experienced SOC Analyst to enhance our dynamic team.

At CybaVerse, we believe every team member has a unique and different story to share.

On November 12, 2024, Microsoft rolled out its latest Patch Tuesday updates addressing 91 vulnerabilities,...

The Future of Cyber Security.