How to fix CrowdStrike BSODs in three minutes — fix requires manual changes, but they are simple
Eight steps to get you back on track.
If your machines have been impacted by the recent CrowdStrike outage, then this is the how-to for you. Users across the globe have been impacted by the infamous Blue Screen of Death (BSoD), triggered by CrowdStrike’s update of its Falcon Sensor application. An application designed to protect your machines from malicious threats is now the source of one of the largest outages in recent memory. Below we have instructions that can fix the issue in just a few moments.
The official fix, as detailed below, comes from CrowdStrike and effectively rolls the update back to a previous working state. Whether this will be automated in the future remains to be seen.
If you have been affected by the CrowdStrike outage, here are the steps to fix it. Note that these steps must be completed for every affected machine. At the time of writing, no automated service can do this, so your sysadmin or IT support team will be busy for the next few days.
- Boot your Windows system into safe mode or the Windows Recovery Environment (WinRE) by first powering up your machine until a manufacturer's logo is visible. Press and hold the power button for ten seconds to turn off the machine. Repeat this process once more.
- Press the power button again to power up and the machine will boot to the WinRE.
- From the option menu select Troubleshoot >> Advanced Options >> Startup Settings >> Restart.
- Select option 5 or press F5 to restart the machine in safe mode with Networking.
- Wait for the machine to boot into the safe mode desktop.
- Open the File Manager and navigate to C:\Windows\System32\drivers\CrowdStrike
- Look for and delete any files that match the pattern "C-00000291*.sys"
- Reboot as normal.
You should now be able to boot into and use your Windows PC as normal.
The IT world is currently reeling from this outage, with many questioning how this issue made it to production, when it should’ve been tested before release. This outage may also force companies to add a staging step to their update management policies, testing the updates in an isolated environment before they are pushed live.
Les Pounder is an associate editor at Tom's Hardware. He is a creative technologist and for seven years has created projects to educate and inspire minds both young and old. He has worked with the Raspberry Pi Foundation to write and deliver their teacher training program "Picademy".
- elforeign
  Thank you! Not affected by the system outage, but this is what the world needs. Clear instructions to solve a problem.
- sepuko
  NinjaNerd56 said: "Amen. No drama, just here’s how."
  Unless you're the poor IT guy who needs to do it on 10s of thousands of PCs, VMs, ATMs and kiosks, this solution is ludicrous, it will cost companies A LOT.
- vanadiel007
  Blows my mind banks and a whole bunch of others are just applying updates across the board without first testing them in house to ensure they will not cause issues.
  I mean, they were lucky this was not a virus or backdoor that slipped its way into the update process.
  Totally unacceptable that companies just update their machines without checking anything and just blindly trust updates.
- bill001g
  Sounds like it is much more complex if you have BitLocker on it.
  Can you even think to be the guy who walks into a datacenter with cabinets as far as you can see with multiple servers per cabinet and know you have to physically touch every device.....even if the fix is "easy"
- Muratus
  sepuko said: "Unless you're the poor IT guy who needs to do it on 10s of thousands of PCs, VMs, ATMs and kiosks, this solution is ludicrous, it will cost companies A LOT."
  Yea, that will be me. I'm an onsite IT Tech, just got the call to be ready for a busy weekend.
- Makaveli
  sepuko said: "Unless you're the poor IT guy who needs to do it on 10s of thousands of PCs, VMs, ATMs and kiosks, this solution is ludicrous, it will cost companies A LOT."
  This is simple until you have to do it in volume.
- mac_angel
  Doesn't work for me. Fiance works for Roger's Communications remotely. I can't get her laptop to boot into safe mode at all. I was given the recovery key and Admin password from their IT to try, but no luck.
  No access to the BIOS as of yet (to get into Boot Options). I didn't get that password from them. A level 2 tech should be calling at some point, but not expecting it to be today.
- rgd1101
  What's the laptop? What OS?
  Yeah, it's not that simple. Business PCs/laptops are usually locked down. The user won't have admin access to get to that CrowdStrike folder. For remote they will have to get the admin account/password to delete a file. And that is without BitLocker.