Banks, airlines, supermarkets, broadcasters, and more are all reporting Blue Screen of Death (BSOD) issues today after an update from cybersecurity provider CrowdStrike has caused computers to get stuck in a BSOD loop.
⚡ TL;DR | Go Straight to the CrowdStrike Falcon Sensor Audit
Organizations worldwide are reporting Blue Screen of Death (BSOD) issues this morning, including Sky News, Lufthansa, Delta Airlines, Prague Airport, and more are coming in every hour. A faulty update from cybersecurity provider CrowdStrike is causing the affected PCs and servers to go offline and enter a recovery boot loop, preventing proper startup.
To show you exactly how you can discover and easier mitigate these BSOD issues, we’ve also created a video which highlights how our CrowdStrike Falcon Sensor audit can be used in combination with our other data points to make mitigation a bit easier.
Approximately 20% of Devices Affected
Our data shows that approximately 20% of all business windows devices have the CrowdStrike agent installed on it and could be at risk which is in line with the sheer number of organizations reporting issues.
Lufthansa has stated that currently, the company’s booking retrieval capabilities may be limited, but they are actively working on a solution.
Prague Airport has also been impacted by the check-in system outage, resulting in delays for some departures from the Czech capital.
Meanwhile, Sky News has not been able to broadcast at all this morning due to their infrastructure being affected.
CrowdStrike Workaround
CrowdStrike published a TA on their website which provides some minor additional details on how IT teams globally can resolve the BSOD issues on affected devices.
CrowdStrike Engineering has identified a content deployment related to this issue and reverted those changes.
CrowdStrike TA
Workaround Steps:
- Boot Windows into Safe Mode or the Windows Recovery Environment
- Navigate to the C:\Windows\System32\drivers\CrowdStrike directory
- Locate the file matching “C-00000291*.sys”, and delete it.
- Boot the host normally.
Microsoft also chipped in and provided a recovery tool to help administrators restore their devices. It contains detailed information on how to restore devices with and without BitLocker encryption enabled.
Find Affected Devices
To discover which devices might be affected, we’ve created an CrowdStrike Falcon Sensor audit which provides you with an overview of all your devices that have a Sensor installed on it and as a result might have gotten the update which is causing the BSOD.
Devices in this audit which are not reporting back anymore and should, are likely stuck in the recovery boot loop, giving you an accurate list to start remediating the BSOD issues.
Additionally, Lansweeper can also provide you with BitLocker recovery keys for each device so that if any BitLocker encrypted devices are affected, you have all the data at your fingertips to start remediation.
