CrowdStrike has identified a faulty Channel File in its recent update as the cause of today’s significant global IT outage. This issue has led to widespread disruptions across various sectors, including airlines, banks, and government agencies, resulting in numerous systems displaying the infamous blue screen of death (BSOD).
To address this problem while allowing users to retain the Falcon Sensor update, CrowdStrike has provided a workaround for affected Windows systems. Follow these steps to resolve the issue:
- Boot into Safe Mode: Start your Windows system in Safe Mode or access the Windows Recovery Environment.
- Navigate to the CrowdStrike Directory: Go to the directory located at C:\Windows\System32\drivers\CrowdStrike.
- Delete the Faulty File: Find and delete the file named “C-00000291*.sys”.
- Restart Your System: Boot your host normally to complete the process.
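The steps above, scripted for an elevated PowerShell prompt in Safe Mode, as an added example that is not CrowdStrike's own tooling. The parameter names and the -Remove switch are this example's own; without -Remove the script only reports what it would delete.

```powershell
# Added example (not CrowdStrike's tooling). Parameter names are assumptions of this example.
[CmdletBinding()]
param(
    # Directory named in the workaround; override if the Windows volume has another drive letter.
    [string]$Directory = 'C:\Windows\System32\drivers\CrowdStrike',
    # File name pattern named in the workaround.
    [string]$Pattern = 'C-00000291*.sys',
    # Dry run unless this switch is given.
    [switch]$Remove
)

if (-not (Test-Path -LiteralPath $Directory -PathType Container)) {
    Write-Error "Directory not found: $Directory"
    exit 1
}

# -File limits the match to files; -Force includes hidden and system files.
$targets = @(Get-ChildItem -LiteralPath $Directory -Filter $Pattern -File -Force)
if ($targets.Count -eq 0) {
    Write-Output "No files matching $Pattern in $Directory; nothing to do."
    exit 0
}

# Record what is about to be removed (useful for the incident log).
foreach ($file in $targets) {
    Write-Output ("Match: {0}  {1} bytes  modified {2:u}" -f $file.Name, $file.Length, $file.LastWriteTimeUtc)
}

if (-not $Remove) {
    Write-Output "Dry run: re-run with -Remove to delete the $($targets.Count) file(s) listed above."
    exit 0
}

$failed = 0
foreach ($file in $targets) {
    try {
        Remove-Item -LiteralPath $file.FullName -Force -ErrorAction Stop
        Write-Output "Deleted $($file.FullName)"
    } catch {
        $failed++
        Write-Warning "Could not delete $($file.FullName): $($_.Exception.Message)"
    }
}

# Verify nothing matching the pattern remains before booting normally.
$left = @(Get-ChildItem -LiteralPath $Directory -Filter $Pattern -File -Force)
if ($failed -gt 0 -or $left.Count -gt 0) { Write-Error "$($left.Count) matching file(s) remain."; exit 1 }
Write-Output 'All matching files removed. Restart the host normally.'
```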
This workaround is crucial for restoring functionality to affected systems. CrowdStrike has emphasized that this incident is not a security breach but rather an operational error, and they are actively working to support impacted customers. For further assistance, users are encouraged to consult CrowdStrike’s support portal.
By following these steps, organizations can mitigate the impact of this outage and ensure their systems are back online promptly.