How to fix CrowdStrike BSODs in three minutes — fix requires manual changes, but they are simple

How-to
By published

Eight steps to get you back on track.

CrowdStrike
(Image credit: Tom's Hardware)

If your machines have been impacted by the recent CrowdStrike outage, then this is the how-to for you. Users across the globe have been impacted by the infamous Blue Screen of Death (BSoD), triggered by CrowdStrike’s update of its Falcon Sensor application. An application designed to protect your machines from malicious threats is now the source of one of the largest outages in recent memory. Below we have instructions that can fix the issue in just a few moments.

The official fix, as detailed below, comes from CrowdStrike and effectively sees us regressing the update to a previous working state. Whether this will be automated in the future remains to be seen. 

If you have been affected by the CrowdStrike outage, here are the steps to fix it. Note that these steps must be completed for every affected machine. At the time of writing, no automated service can do this, so your sysadmin or IT support team will be busy for the next few days.

  1. Boot your Windows system into safe mode or the Windows Recovery Environment (winRE)by first powering up your machine until a manufacturer's logo is visible. Press and hold the power button for ten seconds to turn off the machine. Repeat this process once more
  2. Press the power button again to power up and the machine will boot to the winRE.
  3. From the option menu select Troubleshoot >> Advanced Options >> Startup Settings >> Restart.
  4. Select option 5 or press F5 to restart the machine in safe mode with Networking.
  5. Wait for the machine to boot into the safe mode desktop.
  6. Open the File Manager and navigate to C:\Windows\System32\drivers\CrowdStrike
  7. Look for and delete any files that match the pattern "C-00000291*.sys"
  8. Reboot as normal.

You should now be able to boot into and use your Windows PC as normal.

The IT world is currently reeling from this outage, with many questioning how this issue made it to production, when it should’ve been tested before release. This outage may also force companies to add a staging step to their update management policies, testing the updates in an isolated environment before they are pushed live.

Les Pounder
Les Pounder

Les Pounder is an associate editor at Tom's Hardware. He is a creative technologist and for seven years has created projects to educate and inspire minds both young and old. He has worked with the Raspberry Pi Foundation to write and deliver their teacher training program "Picademy".

Read more
GeForce RTX 5090 Founders Edition
Upcoming driver to fix Nvidia RTX 50-series black screen and BSOD issues
Nvidia GeForce RTX 5070 Founders Edition
Nvidia RTX 50 owners get another Hotfix, with 572.75 addressing crashes and clock speeds
RTX 40 series
RTX 40 GPU owners suffering from BSODs and crashes complain about Nvidia's RTX 50 focus
Asus graphics card DP and HDMI ports
Nvidia Hotfix arrives to address black screen issues remaining after Thursday's driver release
RTX 5090 HERO
Nvidia confirms it is investigating RTX 50-series BSOD and black screen troubles, no timeline for a fix
RTX 5090 HERO
Nvidia is investigating RTX 5090 and RTX 5080 instability issues
Latest in Windows
How to zoom in and out in Windows
How to Zoom in and Out in Windows 11 or 10
Windows 11 logo on blue bloom background.
Windows 11 Insider builds offer FAQs based on your PC's specs
How to Restart Windows Explorer in Windows 11
How to Restart Windows Explorer in Windows 11
Intel Core i9-9900K
Microsoft updates Windows 11 CPU support for OEM systems to include 8th to 10th Gen Intel CPUs
screenshot of Windows 11 Task Manager
Windows 11 Task Manager update will show accurate CPU utilization, align with industry standards
Windows 11
Microsoft trims File Explorer's Recent, Favorites, and Recommended content in Europe
Latest in How-To
Best Online Slicers
6 Best Online Slicers to Try — 3D Slice on the Cloud
How to zoom in and out in Windows
How to Zoom in and Out in Windows 11 or 10
How to Restart Windows Explorer in Windows 11
How to Restart Windows Explorer in Windows 11
Salmon Skin Problems
How to fix Salmon Skin Problems in 3D Prints
Botspot BVM Win 11
Run Windows 11 on Raspberry Pi 5 with Botspot Virtual Machine
Pico NFC
How to use an RFID reader with a Raspberry Pi Pico
More about windows
How to zoom in and out in Windows

How to Zoom in and Out in Windows 11 or 10
How to Restart Windows Explorer in Windows 11

How to Restart Windows Explorer in Windows 11
Ryzen 5 9600X

AMD Ryzen 5 9600X hits all-time low price
See more latest
41 Comments Comment from the forums
  • JamesJones44
    Only use Windows for gaming and the problem was fixed before it began ;)
    Reply
  • elforeign
    Thank you! Not affected by the system outage, but this is what the world needs. Clear instructions to solve a problem.
    Reply
  • NinjaNerd56
    Amen.

    No drama, just here’s how.
    Reply
  • sepuko
    NinjaNerd56 said:
    Amen.

    No drama, just here’s how.
    Unles you're the poor IT guy who needs to do it on 10s of thousands of pcs, vms, atms and kiosks, this solution is ludicrous, it will cost companies A LOT.
    Reply
  • vanadiel007
    Blows my mind banks and a whole bunch of others are just applying updates across the board without first testing them in house to ensure they will not cause issues.

    I mean, they were lucky this was not a virus or backdoor that slipped it's way into the update process.

    Totally unacceptable that companies just update their machines without checking anything and just blindly trust updates.
    Reply
  • bill001g
    Sounds like it is much more complex if you have bitlocker on it.

    Can you even think to be the guy who walks into a datacenter with cabinets as far as you can see with multiple server per cabinet and know you have to physically touch every device.....even if the fix is "easy"
    Reply
  • Muratus
    sepuko said:
    Unles you're the poor IT guy who needs to do it on 10s of thousands of pcs, vms, atms and kiosks, this solution is ludicrous, it will cost companies A LOT.
    Yea, that will be me. I'm a onsite IT Tech, just got the call to be ready for a busy weekend.
    Reply
  • Makaveli
    sepuko said:
    Unles you're the poor IT guy who needs to do it on 10s of thousands of pcs, vms, atms and kiosks, this solution is ludicrous, it will cost companies A LOT.
    This simple until you have to do it in volume.
    Reply
  • mac_angel
    Doesn't work for me. Fiance works for Roger's Communications remotely. I can't get her laptop to boot into safe mode at all. I was given the recovery key and Admin password from their IT to try, but no luck.

    no access to the BIOS as of yet ( to get into Boot Options). I didn't get that password from them. A level 2 tech should be calling at some point, but not expecting it to be today.
    Reply
  • rgd1101
    what the laptop? what os?

    yeah is not that simple. business pc/laptop usually lockdown. user won't have admin access to get to that crowdstrike folder. for remote they will have to get the admin account/password to delete a file. and that is without bitlocker.
    Reply