Global Outage: Windows machines in a BSOD loop after CrowdStrike update

Globally, a recent update to the CrowdStrike Falcon sensor is seriously affecting Windows users. This upgrade is rendering systems unusable and causing blue screen of death (BSOD) cycles.

Starting on July 19, 2024, Windows 10 and 11 systems running CrowdStrike's endpoint security software are impacted by the problem. Users report repeatedly seeing "DRIVER_OVERRAN_STACK_BUFFER" error messages on their BSODs, which prevent the machine from booting up and operating normally.

Asserting that their engineering teams are "aware of reports of crashes on Windows hosts related to the Falcon Sensor," CrowdStrike has recognized the issue and said they are working to fix it.

Affected users are advised by the company not to file individual support tickets at this time. Enterprise users have been particularly hard hit by this upgrade; according to some businesses, hundreds of devices, including crucial production servers and SQL nodes, have been impacted.

In an effort to minimize the harm, some IT departments are removing CrowdStrike-related files from impacted systems in order to get those systems back up and running.

This incident brings to light the possible vulnerabilities that come with security software updates that happen automatically, particularly in workplace settings. In order to avoid such occurrences in the future, a large number of impacted users are now requesting the adoption of phased rollout rules and stricter testing protocols.

CrowdStrike is anticipated to release more information and a long-term solution to the problem as events unfold. Affected users are recommended to keep an eye on official CrowdStrike communication channels in the interim for instructions on recovery methods and temporary solutions.

Microsoft has informed users to expect "service degradation" and acknowledged that it is looking into an "issue" affecting its 365 apps and operating systems.

American cybersecurity company CrowdStrike has taken ownership of the mistake and said they are "working on it." Experts warn that it is too soon to "rule out" the likelihood of a cyberattack but speculate that a "buggy" security upgrade may have caused the issue.

How to Check Whether Your CrowdStrike Sensor Version Is Affected by the BSOD Issue

  • Identify your sensor version: Boot into Safe Mode and check the CrowdStrike Falcon sensor version installed on your system. The problematic update seems to be affecting various sensor versions, including version 6.58.
  • Check the installation date: Look at the installation date of the CrowdStrike Falcon sensor. If it coincides with the onset of BSOD issues (around July 19, 2024), it’s likely to be the cause.
  • Look for specific error messages: The BSOD error associated with this issue is “DRIVER_OVERRAN_STACK_BUFFER”. If you’re seeing this error, your system is likely affected.

Possible Workarounds

  • Boot Windows into Safe Mode or the Windows Recovery Environment
  • Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  • Locate the file matching “C-00000291*.sys”, and delete it.
  • Boot the host normally.
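
The workaround steps above as a script. This is an added example, not code from CrowdStrike or from the original article. It assumes an elevated PowerShell session in Safe Mode (the Windows Recovery Environment does not include PowerShell by default); the directory and file pattern are the ones given in the steps, and the parameter names are illustrative.

```powershell
# Added example: lists and removes the channel file named in the workaround.
# Assumption: run from an elevated PowerShell prompt in Safe Mode.
[CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
param(
    # Directory and pattern come from the workaround steps; override the
    # directory if the OS volume is mounted under a different drive letter.
    [string]$DriverDir = 'C:\Windows\System32\drivers\CrowdStrike',
    [string]$Pattern   = 'C-00000291*.sys'
)

if (-not (Test-Path -LiteralPath $DriverDir -PathType Container)) {
    Write-Warning "Directory not found: $DriverDir"
    return
}

# -File restricts the match to files; -Force includes hidden/system items.
$channelFiles = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)

if ($channelFiles.Count -eq 0) {
    Write-Output "No file matching $Pattern in $DriverDir; nothing to remove."
    return
}

# Show name, size and timestamp before deleting so the change can be audited.
$channelFiles |
    Select-Object Name, Length, LastWriteTimeUtc |
    Format-Table -AutoSize |
    Out-Host

foreach ($file in $channelFiles) {
    # ShouldProcess honours -WhatIf and prompts for confirmation per file.
    if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
        Remove-Item -LiteralPath $file.FullName -Force
        Write-Output "Deleted $($file.FullName)"
    }
}

# Re-check so the operator sees the end state before rebooting normally.
$remaining = @(Get-ChildItem -LiteralPath $DriverDir -Filter $Pattern -File -Force)
Write-Output "Matching files remaining: $($remaining.Count)"
```

Running it with `-WhatIf` first lists what would be deleted without changing anything.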