Microsoft Offers Recovery Steps for CrowdStrike Update Chaos
Faulty CrowdStrike update caused BSODs and bootloops on Windows devices. Microsoft offers recovery steps including Safe Mode, file deletion, and Bitlocker key.
The world of IT faced a major disruption on July 18th after a faulty update from cybersecurity firm CrowdStrike. The update, meant for their Falcon agent on Windows devices, contained critical bugs. This resulted in a widespread occurrence of Blue Screens of Death (BSODs) with error codes 0x50 and 0x7E, as well as systems getting stuck in bootloops. These crashes affected numerous critical sectors worldwide, including airports, hospitals, news organizations, and software companies.
While CrowdStrike has rolled back the update, it doesn't fix the issue for already affected machines. Thankfully, Microsoft has stepped in to offer recovery guidance for its Windows users.
Microsoft's Recovery Recommendations:
- Boot into Safe Mode or Windows Recovery Environment: This allows accessing essential system functions for troubleshooting.
- Delete the Faulty File: Navigate to
C:\Windows\System32\drivers\CrowdStrike
and locate the file namedC-00000291*.sys
. Delete this file. - Restart the Device: Once the file is deleted, attempt to restart your device normally.
- Bitlocker Recovery: In some cases, recovery might require your Bitlocker key. Make sure you have this readily available.
Taking Back Control:
By following these steps and referencing the provided resources, IT professionals can potentially recover affected systems and minimize downtime caused by the CrowdStrike update. This situation highlights the importance of having robust disaster recovery plans in place.