Viewable by the world

What happened ?
On 2024-07-18 between 9:00 pm and 9:30 pm we started hearing news that windows computers running Crowdstrike have started showing the infamous "Blue Screen of Death" (BSOD). Upon further investigations we identified the Internet at large was experiencing this issue. This is a a global event - with numerous computers being affected. 

My Computer keeps booting to a blue screen, what can I do ?

Option1 - Reboot

There does appear to be some chance just rebooting your computer will clear the issue, try that first.

Option 2 - Fix one computer from Recovery Mode

  1. Boot Windows into Safe Mode or the Windows Recovery Environment

  2. Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
  3. Locate the file matching “C-00000291*.sys”, and delete it. 

  4. Note this file will always exist, you only need to delete it if you are having boot problems

    1. if the file has a timestamp of 0409 UTC ( 09:09 PM PDT), it is the problematic version

  5. Boot the host normally.

This CrowdStrike Host Self-Remediation video covers the steps nicely. 

Option 3 - Microsoft Recovery Tool

Microsoft created a tool to assist with fixing CS.  It does take some time to create this tool since it needs to download large file and assemble them on a USB drive. You then boot the computer from the USB drive to fix a computer. If you have many computers to fix, this method is recommended.

https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959

Option 4 - IT provided Microsoft Recovery Tool Images

The IT Division has compiled the above tool, there is an iso (400M, recommended) or bin (15G, USB image), both links are to Google Drive. 

Option 5 - Contact IT 

Contact the IT Help Desk at [email protected] if you need assistance. Phone and chat responses will be slower due to the extreme volume of calls.

FAQ

  • This issue is not impacting Mac or Linux
  • Windows hosts which have not been impacted do not require any action as the problematic channel file has been reverted

https://www.reddit.com/r/crowdstrike/comments/1e6vmkf/bsod_error_in_latest_crowdstrike_update/


News and sources 
https://www.nytimes.com/live/2024/07/19/business/global-tech-outage
https://www.theverge.com/2024/7/19/24201717/windows-bsod-crowdstrike-outage-issue 
https://www.marketwatch.com/story/airlines-grounded-companies-experiencing-outages-tied-to-crowdstrike-issue-fc94611d 

You can link to this page using https://go.lbl.gov/crowdstrike-issue

Was this site useful for you? Do you have any feedback or suggestions? Please click here to send your comments about this FAQ to IT.