Crowdstrike Outage – How To Fix

Crowdstrike BSOD

What a way to start a Friday morning, TGIF… not really. A global outage related to an update pushed to cybersecurity software Crowdstrike has resulted in outages across the globe. From flight delays to closed banks and medical practices not being able to see patients and small businesses across the globe, it was not a fun Friday morning for the staff or IT departments.

A fix has been found to get systems back up and running. The fix does require physical access to the machine, as it needs to be booted into Safe Mode. If BitLocker is enabled, the recovery key needs to be manually entered.

  1. Boot Windows into Safe Mode or the Windows Recovery Environment
  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  3. Locate the file matching “C-00000291*.sys”, and delete it
  4. Boot the host

https://www.crowdstrike.com/blog/statement-on-falcon-content-update-for-windows-hosts

This update only affects Windows systems and does not affect Linux or MacOS systems.