CrowdStrike Update Leads to Widespread Windows BSOD Crashes

A recent CrowdStrike update has caused widespread Blue Screen of Death (BSOD) errors on Windows machines. The issue affects multiple versions of the company’s sensor software, prompting an urgent investigation and quick response from CrowdStrike’s engineering team. Reports on Reddit confirm that this update is linked to numerous Windows crashes.

Immediate Impact and User Feedback

Users in various sectors have reported BSOD errors on Windows machines due to recent CrowdStrike updates.

The issue appears to be widespread, impacting machines running various versions of the CrowdStrike sensor software.

“We’re aware of a widespread issue causing BSOD errors on Windows machines across various sensor versions,” a CrowdStrike representative stated in a pinned forum message.

The company has acknowledged the problem and is actively investigating the root cause. The sudden crashes have disrupted business operations and personal computing, with many users expressing frustration over the unexpected downtime.

CrowdStrike’s forums have been inundated with reports and queries from affected users seeking solutions and updates.

Engineering Response and Reversion of Changes

CrowdStrike’s engineering team quickly tackled the issue. They found and reversed a problematic update, which should help reduce BSOD errors while they work on a permanent fix. In the meantime, CrowdStrike has given users a workaround for the crashes.

The recommended steps are:

  1. Boot the affected Windows machine into Safe Mode or the Windows Recovery Environment.
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory.
  3. Locate and delete the file matching “C-00000291*.sys”.
  4. Reboot the machine normally.

Ongoing Investigations – CrowdStrike update

CrowdStrike has assured users that a detailed Technical Alert (TA) will be published soon, providing more information and solutions. The pinned forum thread will remain active for updates and support.

Some users praised the company’s swift action and transparent communication, while others are concerned about further disruptions.

CrowdStrike’s engineering team continues to investigate the issue’s cause to prevent similar incidents in the future.

The incident highlights the challenges of maintaining complex cybersecurity systems and the importance of rapid response mechanisms.

While the immediate impact has been significant, the company’s proactive measures and ongoing investigations offer hope for a swift resolution. Users are advised to follow the workaround steps and stay tuned for updates.

To determine if your CrowdStrike sensor version is causing BSOD issues and to address it, follow these steps:

1. Identify Your Sensor Version

Boot into Safe Mode:

  • Restart your computer.
  • As your computer restarts, press F8 (or Shift + F8) to open the Advanced Boot Options menu.
  • Select Safe Mode and press Enter.

Check the CrowdStrike Falcon Sensor Version:

  • Once in Safe Mode, open the command prompt: press Win + R, type cmd, and press Enter.
  • Navigate to the CrowdStrike directory:
   cd "C:\Program Files\CrowdStrike"
  • Check the sensor version:
   csfalconctl.exe -g --version
  • Note the sensor version displayed. If it’s version 6.58 or similar, it could be affected.

2. Check the Installation Date

Check Installation Date:

  • Open File Explorer and navigate to:
   C:\Program Files\CrowdStrike
  • Right-click on the csfalconctl.exe file and select Properties.
  • Go to the Details tab and look at the Date modified field. If the installation date coincides with the onset of BSOD issues (around July 19, 2024), it’s likely the cause.

3. Look for Specific Error Messages

Identify BSOD Error:

  1. If your system encounters a BSOD, note the error message. The specific error associated with this issue is “DRIVER_OVERRAN_STACK_BUFFER”.

Possible Workarounds

Boot Windows into Safe Mode or Windows Recovery Environment:

  1. Restart your computer.
  2. As your computer restarts, press F8 (or Shift + F8) to open the Advanced Boot Options menu.
  3. Select Safe Mode and press Enter.

Navigate to the CrowdStrike Directory:

  1. Open File Explorer and navigate to:
   C:\Windows\System32\drivers\CrowdStrike
  2. Look for a file matching “C-00000291*.sys”.

Delete the File:

  1. Right-click on the file and select Delete.

Boot Normally:

  1. Restart your computer normally to see if the BSOD issue is resolved.
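
The workaround above (also listed under the engineering response) can be scripted for machines that reach Safe Mode. The following is an added PowerShell example, not code from CrowdStrike or from the original article; the function name and parameters are hypothetical, and it assumes an elevated PowerShell session. It records the size, timestamp and SHA-256 of each matching file before deleting it, and defaults to a preview run.

```powershell
# Added example: scripted form of the article's workaround.
# Function and parameter names are hypothetical, not a CrowdStrike tool.
function Remove-CrowdStrike291File {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Directory named in the workaround; override if Windows is not on C:.
        [string]$DriversPath = 'C:\Windows\System32\drivers\CrowdStrike',
        # File pattern named in the workaround.
        [string]$Pattern = 'C-00000291*.sys'
    )

    if (-not (Test-Path -LiteralPath $DriversPath -PathType Container)) {
        Write-Warning "Directory not found: $DriversPath"
        return
    }

    # -File limits the match to files, so a directory is never removed.
    $targets = @(Get-ChildItem -LiteralPath $DriversPath -Filter $Pattern -File -Force)
    if ($targets.Count -eq 0) {
        Write-Warning "No file matching $Pattern in $DriversPath; nothing to delete."
        return
    }

    foreach ($file in $targets) {
        # Capture what is about to be removed so it can go into the ticket.
        $record = [pscustomobject]@{
            Path         = $file.FullName
            SizeBytes    = $file.Length
            LastWriteUtc = $file.LastWriteTimeUtc.ToString('u')
            Sha256       = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            Deleted      = $false
        }
        # Honors -WhatIf and -Confirm; only the matched file is touched.
        if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
            try {
                Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
                $record.Deleted = $true
            } catch {
                Write-Warning "Could not delete $($file.FullName): $($_.Exception.Message)"
            }
        }
        $record
    }
}

# Preview only. Remove -WhatIf to delete, then reboot normally.
Remove-CrowdStrike291File -WhatIf | Format-List
```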

Additional Notes:

  • Backup Data: Make sure to back up important files before making any changes.
  • Seek Support: Reach out to CrowdStrike support if you’re uncertain about any steps or if the problem continues.

These steps will assist you in identifying and potentially resolving the BSOD issue associated with the CrowdStrike Falcon sensor.


By | 2024-08-29T00:22:39+05:30 July 19th, 2024|Internet Security, Security Advisory, Security Update, windows|

About the Author:

FirstHackersNews- Identifies Security
