A faulty update from security firm CrowdStrike caused numerous Windows systems worldwide to shut down. Because of the Falcon Sensor update, many computers could no longer boot successfully. After the update was installed and the systems were restarted, a blue screen appeared on the affected devices.
What you should do now if you are affected by the CrowdStrike crash
As reported by golem.de, there is already a first workaround. As of today, 22 July 2024, CrowdStrike has published a statement with instructions on how to proceed and is keeping it up to date. Our partner Cohesity has also published workarounds.
The workaround is to delete the files matching C:\Windows\System32\drivers\CrowdStrike\C-00000291*.sys. The system can then be restarted as usual. These files contain kernel modules or device drivers for Falcon. After a successful restart, it is essential to check that Falcon is working properly.
A disaster recovery plan and a cleanroom can prevent such failures and increase the company's cyber resilience. The former provides a well-defined procedure in the event of an incident. The latter ensures that a rollback via a backup functions smoothly.
Do you have questions about the workaround or about disaster recovery and the cleanroom?
André Wild, Consultant
Phone +4917254114229