How to fix CrowdStrike BSODs in three minutes — fix requires manual changes, but they are simple

(Image credit: Tom's Hardware)

If your machines have been impacted by the recent CrowdStrike outage, then this is the how-to for you. Users across the globe have been impacted by the infamous Blue Screen of Death (BSoD), triggered by CrowdStrike’s update of its Falcon Sensor application. An application designed to protect your machines from malicious threats is now the source of one of the largest outages in recent memory. Below we have instructions that can fix the issue in just a few moments.

The official fix, as detailed below, comes from CrowdStrike and effectively sees us regressing the update to a previous working state. Whether this will be automated in the future remains to be seen.

If you have been affected by the CrowdStrike outage, here are the steps to fix it. Note that these steps must be completed for every affected machine. At the time of writing, no automated service can do this, so your sysadmin or IT support team will be busy for the next few days.

Boot your Windows system into safe mode or the Windows Recovery Environment (winRE)by first powering up your machine until a manufacturer's logo is visible. Press and hold the power button for ten seconds to turn off the machine. Repeat this process once more
Press the power button again to power up and the machine will boot to the winRE.
From the option menu select Troubleshoot >> Advanced Options >> Startup Settings >> Restart.
Select option 5 or press F5 to restart the machine in safe mode with Networking.
Wait for the machine to boot into the safe mode desktop.
Open the File Manager and navigate to C:\Windows\System32\drivers\CrowdStrike
Look for and delete any files that match the pattern "C-00000291*.sys"
Reboot as normal.

You should now be able to boot into and use your Windows PC as normal.

The IT world is currently reeling from this outage, with many questioning how this issue made it to production, when it should’ve been tested before release. This outage may also force companies to add a staging step to their update management policies, testing the updates in an isolated environment before they are pushed live.

Les Pounder is an associate editor at Tom's Hardware. He is a creative technologist and for seven years has created projects to educate and inspire minds both young and old. He has worked with the Raspberry Pi Foundation to write and deliver their teacher training program "Picademy".

More about windows

Microsoft eliminates workaround that circumvents Microsoft account requirement during Windows 11 installation

How to use the Warp AI-enabled terminal for Windows or Linux

Chinese PCIe 5.0 SSD boasts 14.9 GB/s speeds, positioning as the fastest mainstream PCIe 5.0 drive on the market

See more latest

41 Comments Comment from the forums

JamesJones44

Only use Windows for gaming and the problem was fixed before it began ;)
Reply
elforeign

Thank you! Not affected by the system outage, but this is what the world needs. Clear instructions to solve a problem.
Reply
NinjaNerd56

Amen.

No drama, just here’s how.
Reply
sepuko

NinjaNerd56 said:
Amen.

No drama, just here’s how.
Unles you're the poor IT guy who needs to do it on 10s of thousands of pcs, vms, atms and kiosks, this solution is ludicrous, it will cost companies A LOT.
Reply
vanadiel007

Blows my mind banks and a whole bunch of others are just applying updates across the board without first testing them in house to ensure they will not cause issues.

I mean, they were lucky this was not a virus or backdoor that slipped it's way into the update process.

Totally unacceptable that companies just update their machines without checking anything and just blindly trust updates.
Reply
bill001g

Sounds like it is much more complex if you have bitlocker on it.

Can you even think to be the guy who walks into a datacenter with cabinets as far as you can see with multiple server per cabinet and know you have to physically touch every device.....even if the fix is "easy"
Reply
Muratus

sepuko said:
Unles you're the poor IT guy who needs to do it on 10s of thousands of pcs, vms, atms and kiosks, this solution is ludicrous, it will cost companies A LOT.
Yea, that will be me. I'm a onsite IT Tech, just got the call to be ready for a busy weekend.
Reply
Makaveli

sepuko said:
Unles you're the poor IT guy who needs to do it on 10s of thousands of pcs, vms, atms and kiosks, this solution is ludicrous, it will cost companies A LOT.
This simple until you have to do it in volume.
Reply
mac_angel

Doesn't work for me. Fiance works for Roger's Communications remotely. I can't get her laptop to boot into safe mode at all. I was given the recovery key and Admin password from their IT to try, but no luck.

no access to the BIOS as of yet ( to get into Boot Options). I didn't get that password from them. A level 2 tech should be calling at some point, but not expecting it to be today.
Reply
rgd1101

what the laptop? what os?

yeah is not that simple. business pc/laptop usually lockdown. user won't have admin access to get to that crowdstrike folder. for remote they will have to get the admin account/password to delete a file. and that is without bitlocker.
Reply

Show more comments

Stay On the Cutting Edge: Get the Tom's Hardware Newsletter