Ransomware

CERT-In: CrowdStrike Update Caused Windows BSOD Outages

Critical CrowdStrike Falcon Sensor Update Blamed for Widespread Blue Screen of Death (BSOD) Errors on Windows Machines

by Krishna Murthy July 19, 2024

Share on LinkedInShare on Twitter

Amidst the global outage affecting Microsoft Windows systems, the Indian Computer Emergency Response Team (CERT-In) has issued a critical advisory (CIAD-2024-0035) to address the issue.

This outage seems to have stemmed from a recent update to the CrowdStrike Falcon Sensor, a popular endpoint detection and response (EDR) solution. Dubbed the Blue Screen of Death (BSOD), the outage has disrupted operations across airports, hospitals, software firms among other sectors globally and is generating widespread frustration among users.

Flawed Update Led to BSOD: CERT-In

According to the CERT-In advisory, Windows hosts equipped with the CrowdStrike Falcon Sensor experienced crashes and the infamous BSOD following a recent update to the agent. This critical error typically indicates a system halt due to a hardware or software failure, rendering the affected device inoperable.

The exact cause of the BSOD remains undisclosed, but the swift action taken by CrowdStrike suggests a flaw within the update itself. The CrowdStrike team promptly reverted the changes, potentially mitigating further disruptions.

Resolving the Issue: Workarounds and Updates

While the update has been rolled back, some Windows systems might still be experiencing issues. CERT-In has provided a workaround for these cases, involving booting into Safe Mode or the Windows Recovery Environment and manually deleting a specific file associated with the faulty update.

  • Navigate to the directory C:WindowsSystem32driversCrowdStrike and locate the file matching the pattern “C-00000291*.sys”.
  • Delete the identified file and reboot the host normally

Additionally, users have been advised to check the CrowdStrike support portal for the latest updates and recommendations.

Microsoft Statement on BSOD

While CERT-In’s advisory primarily focuses on the technical aspects of the issue, news reports suggest a broader collaborative effort between Microsoft and CrowdStrike. Earlier on Friday, Microsoft acknowledged that an outage in its online services had affected customers worldwide.  In its latest update in a post on social media platform X, Microsoft stated, “Our services are still seeing continuous improvements while we continue to take mitigation actions. Multiple services are continuing to see improvements in availability as our mitigation actions progress.

A recent surge in BSOD reports across various Microsoft Windows versions coincided with the timeframe of the CrowdStrike update. Though details remain unconfirmed, this potentially points towards a wider impact beyond the systems specifically mentioned in the CERT-In advisory.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button